Vulnerability Report: GO-2025-3660
- CVE-2025-46569, GHSA-6m8w-jc87-6cr7
- Affects: github.com/open-policy-agent/opa
- Published: May 05, 2025
OPA server Data API HTTP path injection of Rego in github.com/open-policy-agent/opa
For detailed information about this vulnerability, visit https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7.
Affected Packages
-
PathVersionsSymbols
-
before v1.4.0all symbols
Aliases
References
- https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7
- https://github.com/open-policy-agent/opa/commit/ad2063247a14711882f18c387a511fc8094aa79c
- https://vuln.go.dev/ID/GO-2025-3660.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.