VDB
CVE-2022-28946
CVE-2022-28946
PUBLISHED
CVSS 5 MEDIUM
An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.
EPSS 0.43% · 63.1th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
0.43%
63.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| github.com | open-policy-agent/opa | 0 |
| Cloudflare | access | |
| openpolicyagent | open_policy_agent | 0.39.0 |
Timeline
- May 19, 2022 CVE Published
- May 20, 2022 EPSS Score
- Jul 8, 2022 EPSS Score
- Aug 27, 2022 EPSS Score
- Oct 15, 2022 EPSS Score
- Dec 3, 2022 EPSS Score
- Jan 21, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- Apr 29, 2023 EPSS Score
- Jun 17, 2023 EPSS Score
- Aug 5, 2023 EPSS Score