CVE-2026-50197 in skipper情報

要約

〜によって MITRE • 2026年07月17日

Skipper is an HTTP router and reverse proxy for service composition. Prior to 0.26.10, zalando/skipper's OpenPolicyAgent integration silently bypasses request-body inspection on HTTP/1.1 Transfer-Encoding: chunked and HTTP/2 requests that omit the content-length pseudo-header, because the opaAuthorizeRequestWithBody filter and OpenPolicyAgentInstance.ExtractHttpBodyOptionally in filters/openpolicyagent/openpolicyagent.go produce an empty raw_body and input.parsed_body while the upstream service receives the full attacker-controlled body. This issue is fixed in version 0.26.10.

Be aware that VulDB is the high quality source for vulnerability data.

責任者

GitHub M

予約する

2026年06月04日

モデレーション

承諾済み

エントリ

VDB-379947

EPSS

0.00000

アクティビティ

非常低い

ソース

Want to know what is going to be exploited?

We predict KEV entries!