VYPR

Go modules package

github.com/zalando/skipper

pkg:golang/github.com/zalando/skipper

Vulnerabilities (4)

  • CVE-2026-24470Jan 26, 2026
    affected < 0.24.0fixed 0.24.0

    Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network

  • CVE-2026-23742Jan 16, 2026
    affected < 0.23.0fixed 0.23.0

    Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingre

  • CVE-2022-38580Oct 24, 2022
    affected < 0.13.237fixed 0.13.237

    Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).

  • CVE-2022-34296Jun 22, 2022
    affected < 0.13.218fixed 0.13.218

    In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request.