VYPR

Go modules package

github.com/ory/oathkeeper

pkg:golang/github.com/ory/oathkeeper

Vulnerabilities (4)

  • CVE-2026-33496 (High), Mar 26, 2026
    affected < 0.40.10-0.20260320084801-198a2bc82a99, fixed 0.40.10-0.20260320084801-198a2bc82a99

    ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The `oauth2_introspection` authenticator c

  • CVE-2026-33495 (Medium), Mar 26, 2026
    affected < 0.40.10-0.20260320084810-e9acca14a04d, fixed 0.40.10-0.20260320084810-e9acca14a04d

    ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component

  • CVE-2026-33494 (Critical), Mar 26, 2026
    affected < 0.40.10-0.20260320084758-8e0002140491, fixed 0.40.10-0.20260320084758-8e0002140491

    ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path

  • CVE-2021-32701, Jun 22, 2021
    affected >= 0.38.0-beta.2, < 0.38.12-beta.1, fixed 0.38.12-beta.1

    ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope `foo` using an access token granted with that `foo` scope, introspection