CVE-2022-33082

Denial of service in Open Policy Agent in go/github.com/open-policy-agent/opa

Identifiers

GHSA-2m4x-4q9j-w97g, CVE-2022-33082

Package Slug

go/github.com/open-policy-agent/opa

Vulnerability

Denial of service in Open Policy Agent

Description

An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Affected Versions

All versions before 0.42.0

Solution

Upgrade to version 0.42.0 or above.

Last Modified

2022-07-24

source