GHSA-pvrc-wvj2-f59p, CVE-2023-33189
go/github.com/pomerium/pomerium
Pomerium vulnerable to Incorrect Authorization with specially crafted requests
With specially crafted requests, incorrect authorization decisions may be made by Pomerium.
We are releasing patch fixes to address this vulnerability going back to v0.17.X
. Please upgrade to:
If you have any questions or comments about this advisory:
All versions before 0.17.4, all versions starting from 0.18.0 before 0.18.1, all versions starting from 0.19.0 before 0.19.2, all versions starting from 0.20.0 before 0.20.1, all versions starting from 0.21.0 before 0.21.4, all versions starting from 0.22.0 before 0.22.2
Upgrade to versions 0.21.4, 0.22.2, 0.19.2, 0.20.1, 0.17.4, 0.18.1 or above.
2023-05-29
source |