VDB

CVE-2022-28946

CVE-2022-28946 PUBLISHED CVSS 5 MEDIUM

An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.

EPSS 0.43% · 63.1th percentile

Risk Scores

CVSS 2.0
5
EPSS Score
0.43%
63.1th percentile

Affected Products

VendorProductVersions
n/an/an/a
github.comopen-policy-agent/opa0
Cloudflareaccess
openpolicyagentopen_policy_agent0.39.0

Timeline

  • May 19, 2022 CVE Published
  • May 20, 2022 EPSS Score
  • Jul 8, 2022 EPSS Score
  • Aug 27, 2022 EPSS Score
  • Oct 15, 2022 EPSS Score
  • Dec 3, 2022 EPSS Score
  • Jan 21, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 11, 2023 EPSS Score
  • Apr 29, 2023 EPSS Score
  • Jun 17, 2023 EPSS Score
  • Aug 5, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›