GO-2025-3660
- Source
- https://pkg.go.dev/vuln/GO-2025-3660
- Import Source
- https://vuln.go.dev/ID/GO-2025-3660.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2025-3660
- Aliases
-
- CVE-2025-46569
- GHSA-6m8w-jc87-6cr7
- Published
- 2025-05-05T16:14:33Z
- Modified
- 2025-05-05T16:41:58.138762Z
- Summary
- OPA server Data API HTTP path injection of Rego in github.com/open-policy-agent/opa
- Details
-
OPA server Data API HTTP path injection of Rego in github.com/open-policy-agent/opa
- Database specific
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2025-3660" }- References
Affected packages
Go / github.com/open-policy-agent/opa
Package
- Name
- github.com/open-policy-agent/opa
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/open-policy-agent/opa
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.4.0
Ecosystem specific
{
"imports": [
{
"path": "github.com/open-policy-agent/opa/v1/server",
"symbols": [
"Server.makeRego",
"Server.unversionedGetHealthWithPolicy",
"Server.v0QueryPath",
"baseHTTPListener.ListenAndServe",
"baseHTTPListener.ListenAndServeTLS",
"stringPathToDataRef",
"stringPathToRef"
]
}
]
}