VYPR

Go modules package

github.com/dadrus/heimdall

pkg:golang/github.com/dadrus/heimdall

Vulnerabilities (4)

  • CVE-2026-42274 · High · May 8, 2026
    affected < 0.17.14 · fixed 0.17.14

    Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw (non-normalized) request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3.

  • CVE-2026-42273 · High · May 8, 2026
    affected < 0.17.14 · fixed 0.17.14

    Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are case-insensitive. This discrepancy can result in heimdall failing to match a rule fo

  • CVE-2026-42272 · High · May 8, 2026
    affected < 0.17.14 · fixed 0.17.14

    Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall handles URL-encoded slashes (%2F) in a case-sensitive manner, while percent-encoding is defined to be case-insensitive. As a result, the lowercase equivalent (%

  • CVE-2026-32811 · Mar 20, 2026
    affected >= 0.7.0-alpha, < 0.17.11 · fixed 0.17.11

    Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heimdall in envoy gRPC decision API mode with versions 0.7.0-alpha through 0.17.10, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypasse