CNNVD-202601-2739 Information

CNNVD ID

CNNVD-202601-2739

CVE-2026-23742

  • CNNVD Published: 2026-01-16

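Description (Chinese, translated)

Skipper is an HTTP router and reverse proxy for service composition. Versions of Skipper before 0.23.0 contain a security vulnerability that stems from the default configuration allowing untrusted users to create Lua filters, which may lead to file system reads.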

Description (English)

Skipper is an HTTP router and reverse proxy for service composition. Versions before Skipper 0.23.0 have a security vulnerability: the default configuration allows untrusted users to create Lua filters, which may lead to reading from the file system.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2026-01-16

Last Modified

2026-02-24

References

https://github.com/zalando/skipper/commit/0b52894570773b29e2f3c571b94b4211ef8fa714
https://github.com/zalando/skipper/security/advisories/GHSA-cc8m-98fm-rc9g
https://github.com/zalando/skipper/releases/tag/v0.23.0
https://access.redhat.com/security/cve/cve-2026-23742

Patch

https://github.com/zalando/skipper/releases
