VYPR

rpm package

opensuse/opa&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/opa&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2026-42501HigMay 7, 2026
    affected < 1.16.2-1.1fixed 1.16.2-1.1

    A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can ser

  • CVE-2025-64756Nov 17, 2025
    affected < 1.11.0-1.1fixed 1.11.0-1.1

    Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names.

  • CVE-2025-46569HigMay 1, 2025
    affected < 1.6.0-1.1fixed 1.6.0-1.1

    Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query

  • CVE-2025-22870MedMar 12, 2025
    affected < 1.6.0-1.1fixed 1.6.0-1.1

    Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.