GO-2024-2653

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2024-2653

Import Source

https://vuln.go.dev/ID/GO-2024-2653.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2024-2653

Aliases

Published

2024-03-22T18:44:07Z

Modified

2024-07-01T12:27:17.280780Z

Summary

HTTP policy bypass in github.com/cilium/cilium

Details

Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being incorrectly and intermittently forwarded when it should be dropped.

Database specific

{
    "url": "https://pkg.go.dev/vuln/GO-2024-2653",
    "review_status": "REVIEWED"
}

References

https://docs.cilium.io/en/stable/security/policy/language/#http

Credits

- @romikps
- @sayboras
- @jrajahalme

Affected packages

Go / github.com/cilium/cilium

Package

Name: github.com/cilium/cilium; View open source insights on deps.dev
Purl: pkg:golang/github.com/cilium/cilium

Affected ranges

Type: SEMVER
Events: Introduced

1.13.9

Fixed

1.13.13

Introduced

1.14.0

Fixed

1.14.8

Introduced

1.15.0

Fixed

1.15.2