Zalando
Products
1-5 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24470 | | | 0.00 | — | 0.00 | | Jan 26, 2026 | Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network… |
| CVE-2026-23742 | | | 0.00 | — | 0.00 | | Jan 16, 2026 | Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline, for example through a Kubernetes… |
| CVE-2022-38580 | | | 0.00 | — | 0.11 | | Oct 24, 2022 | Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). |
| CVE-2022-34296 | | | 0.00 | — | 0.01 | | Jun 22, 2022 | In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request. |
| CVE-2022-27262 | | | 0.00 | — | 0.02 | | Apr 12, 2022 | An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file. |