OPA server Data API HTTP path injection of Rego in github.com/open-policy-agent/opa
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2025-3660" }
{ "imports": [ { "path": "github.com/open-policy-agent/opa/v1/server", "symbols": [ "Server.makeRego", "Server.unversionedGetHealthWithPolicy", "Server.v0QueryPath", "baseHTTPListener.ListenAndServe", "baseHTTPListener.ListenAndServeTLS", "stringPathToDataRef", "stringPathToRef" ] } ] }