GHSA-5pmx-7r6r-wfqq: Kgateway transformation policy template can emit files from the container
The transformation policy template feature in Kgateway versions through 2.0.4 allows users with TrafficPolicy creation permissions to craft transformations that read and expose arbitrary files from the dataplane container filesystem.
References
- github.com/advisories/GHSA-5pmx-7r6r-wfqq
- github.com/kgateway-dev/kgateway
- github.com/kgateway-dev/kgateway/pull/12528
- github.com/kgateway-dev/kgateway/pull/12535
- github.com/kgateway-dev/kgateway/security/advisories/GHSA-5pmx-7r6r-wfqq
- github.com/solo-io/envoy-gloo/releases/tag/v1.34.6-patch3
- github.com/solo-io/envoy-gloo/releases/tag/v1.35.2-patch4