VYPR
Vendor

Zalando

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2026-24470Jan 26, 2026
    risk 0.00cvss epss 0.00

    Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network…

  • CVE-2026-23742Jan 16, 2026
    risk 0.00cvss epss 0.00

    Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes…

  • CVE-2022-38580Oct 24, 2022
    risk 0.00cvss epss 0.11

    Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).

  • CVE-2022-34296Jun 22, 2022
    risk 0.00cvss epss 0.01

    In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request.

  • CVE-2022-27262Apr 12, 2022
    risk 0.00cvss epss 0.02

    An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file.