data/reports/GO-2022-0574.yaml - vulndb - Git at Google

 id: GO-2022-0574
 modules:
     - module: github.com/open-policy-agent/opa
       versions:
         - fixed: 0.42.0
       vulnerable_at: 0.41.0
       packages:
         - package: github.com/open-policy-agent/opa/ast
           symbols:
             - rewriteDeclaredVarsInTerm
           derived_symbols:
             - Args.Copy
             - Args.Vars
             - Array.Copy
             - Array.Foreach
             - Array.Iter
             - Array.Until
             - ArrayComprehension.Copy
             - BeforeAfterVisitor.Walk
             - Body.Copy
             - Body.Vars
             - Call.Copy
             - CompileModules
             - CompileModulesWithOpt
             - Compiler.Compile
             - Compiler.GetRulesDynamic
             - Compiler.GetRulesDynamicWithOpts
             - Compiler.PassesTypeCheck
             - ContainsClosures
             - ContainsComprehensions
             - ContainsRefs
             - Copy
             - Every.Copy
             - Every.KeyValueVars
             - Expr.Copy
             - Expr.CopyWithoutTerms
             - Expr.Vars
             - GenericTransformer.Transform
             - GenericVisitor.Walk
             - Head.Copy
             - Head.Vars
             - Import.Copy
             - IsConstant
             - JSON
             - JSONWithOpt
             - Module.Copy
             - Module.UnmarshalJSON
             - MustCompileModules
             - MustCompileModulesWithOpts
             - MustJSON
             - MustParseBody
             - MustParseBodyWithOpts
             - MustParseExpr
             - MustParseImports
             - MustParseModule
             - MustParseModuleWithOpts
             - MustParsePackage
             - MustParseRef
             - MustParseRule
             - MustParseStatement
             - MustParseStatements
             - MustParseTerm
             - NewGraph
             - ObjectComprehension.Copy
             - OutputVarsFromBody
             - OutputVarsFromExpr
             - Package.Copy
             - ParseBody
             - ParseBodyWithOpts
             - ParseExpr
             - ParseImports
             - ParseModule
             - ParseModuleWithOpts
             - ParsePackage
             - ParseRef
             - ParseRule
             - ParseStatement
             - ParseStatements
             - ParseStatementsWithOpts
             - ParseTerm
             - Parser.Parse
             - Pretty
             - QueryContext.Copy
             - Ref.ConstantPrefix
             - Ref.Copy
             - Ref.Dynamic
             - Ref.Extend
             - Ref.OutputVars
             - Rule.Copy
             - SetComprehension.Copy
             - SomeDecl.Copy
             - Term.Copy
             - Term.Vars
             - Transform
             - TransformComprehensions
             - TransformRefs
             - TransformVars
             - TreeNode.DepthFirst
             - TypeEnv.Get
             - Unify
             - ValueMap.Copy
             - ValueMap.Equal
             - ValueMap.Hash
             - ValueMap.Iter
             - ValueMap.MarshalJSON
             - ValueMap.String
             - ValueToInterface
             - VarVisitor.Walk
             - Walk
             - WalkBeforeAndAfter
             - WalkBodies
             - WalkClosures
             - WalkExprs
             - WalkNodes
             - WalkRefs
             - WalkRules
             - WalkTerms
             - WalkVars
             - WalkWiths
             - With.Copy
             - baseDocEqIndex.AllRules
             - baseDocEqIndex.Build
             - baseDocEqIndex.Lookup
             - bodySafetyTransformer.Visit
             - comprehensionIndexNestedCandidateVisitor.Walk
             - comprehensionIndexRegressionCheckVisitor.Walk
             - metadataParser.Parse
             - object.Copy
             - object.Diff
             - object.Filter
             - object.Foreach
             - object.Intersect
             - object.Iter
             - object.Map
             - object.Merge
             - object.MergeWith
             - object.Until
             - queryCompiler.Compile
             - refChecker.Visit
             - refindices.Sorted
             - refindices.Update
             - rewriteNestedHeadVarLocalTransform.Visit
             - ruleArgLocalRewriter.Visit
             - ruleWalker.Do
             - set.Copy
             - set.Diff
             - set.Foreach
             - set.Intersect
             - set.Iter
             - set.Map
             - set.Reduce
             - set.Union
             - set.Until
             - trieNode.Do
             - trieNode.Traverse
             - trieTraversalResult.Add
             - typeChecker.CheckBody
             - typeChecker.CheckTypes
 summary: Denial of service in github.com/open-policy-agent/opa
 description: |-
     An issue in the AST parser of Open Policy Agent makes it possible for attackers
     to cause a Denial of Service attack from a crafted input.
 published: 2022-07-01T00:01:03Z
 cves:
     - CVE-2022-33082
 ghsas:
     - GHSA-2m4x-4q9j-w97g
 references:
     - fix: https://github.com/open-policy-agent/opa/pull/4701
     - fix: https://github.com/open-policy-agent/opa/commit/064f6168a8dfebdeb2ea147f7882bb9f5d2b7f67
     - web: https://github.com/open-policy-agent/opa/issues/4762
	id: GO-2022-0574
	modules:
	- module: github.com/open-policy-agent/opa
	versions:
	- fixed: 0.42.0
	vulnerable_at: 0.41.0
	packages:
	- package: github.com/open-policy-agent/opa/ast
	symbols:
	- rewriteDeclaredVarsInTerm
	derived_symbols:
	- Args.Copy
	- Args.Vars
	- Array.Copy
	- Array.Foreach
	- Array.Iter
	- Array.Until
	- ArrayComprehension.Copy
	- BeforeAfterVisitor.Walk
	- Body.Copy
	- Body.Vars
	- Call.Copy
	- CompileModules
	- CompileModulesWithOpt
	- Compiler.Compile
	- Compiler.GetRulesDynamic
	- Compiler.GetRulesDynamicWithOpts
	- Compiler.PassesTypeCheck
	- ContainsClosures
	- ContainsComprehensions
	- ContainsRefs
	- Copy
	- Every.Copy
	- Every.KeyValueVars
	- Expr.Copy
	- Expr.CopyWithoutTerms
	- Expr.Vars
	- GenericTransformer.Transform
	- GenericVisitor.Walk
	- Head.Copy
	- Head.Vars
	- Import.Copy
	- IsConstant
	- JSON
	- JSONWithOpt
	- Module.Copy
	- Module.UnmarshalJSON
	- MustCompileModules
	- MustCompileModulesWithOpts
	- MustJSON
	- MustParseBody
	- MustParseBodyWithOpts
	- MustParseExpr
	- MustParseImports
	- MustParseModule
	- MustParseModuleWithOpts
	- MustParsePackage
	- MustParseRef
	- MustParseRule
	- MustParseStatement
	- MustParseStatements
	- MustParseTerm
	- NewGraph
	- ObjectComprehension.Copy
	- OutputVarsFromBody
	- OutputVarsFromExpr
	- Package.Copy
	- ParseBody
	- ParseBodyWithOpts
	- ParseExpr
	- ParseImports
	- ParseModule
	- ParseModuleWithOpts
	- ParsePackage
	- ParseRef
	- ParseRule
	- ParseStatement
	- ParseStatements
	- ParseStatementsWithOpts
	- ParseTerm
	- Parser.Parse
	- Pretty
	- QueryContext.Copy
	- Ref.ConstantPrefix
	- Ref.Copy
	- Ref.Dynamic
	- Ref.Extend
	- Ref.OutputVars
	- Rule.Copy
	- SetComprehension.Copy
	- SomeDecl.Copy
	- Term.Copy
	- Term.Vars
	- Transform
	- TransformComprehensions
	- TransformRefs
	- TransformVars
	- TreeNode.DepthFirst
	- TypeEnv.Get
	- Unify
	- ValueMap.Copy
	- ValueMap.Equal
	- ValueMap.Hash
	- ValueMap.Iter
	- ValueMap.MarshalJSON
	- ValueMap.String
	- ValueToInterface
	- VarVisitor.Walk
	- Walk
	- WalkBeforeAndAfter
	- WalkBodies
	- WalkClosures
	- WalkExprs
	- WalkNodes
	- WalkRefs
	- WalkRules
	- WalkTerms
	- WalkVars
	- WalkWiths
	- With.Copy
	- baseDocEqIndex.AllRules
	- baseDocEqIndex.Build
	- baseDocEqIndex.Lookup
	- bodySafetyTransformer.Visit
	- comprehensionIndexNestedCandidateVisitor.Walk
	- comprehensionIndexRegressionCheckVisitor.Walk
	- metadataParser.Parse
	- object.Copy
	- object.Diff
	- object.Filter
	- object.Foreach
	- object.Intersect
	- object.Iter
	- object.Map
	- object.Merge
	- object.MergeWith
	- object.Until
	- queryCompiler.Compile
	- refChecker.Visit
	- refindices.Sorted
	- refindices.Update
	- rewriteNestedHeadVarLocalTransform.Visit
	- ruleArgLocalRewriter.Visit
	- ruleWalker.Do
	- set.Copy
	- set.Diff
	- set.Foreach
	- set.Intersect
	- set.Iter
	- set.Map
	- set.Reduce
	- set.Union
	- set.Until
	- trieNode.Do
	- trieNode.Traverse
	- trieTraversalResult.Add
	- typeChecker.CheckBody
	- typeChecker.CheckTypes
	summary: Denial of service in github.com/open-policy-agent/opa
	description: \|-
	An issue in the AST parser of Open Policy Agent makes it possible for attackers
	to cause a Denial of Service attack from a crafted input.
	published: 2022-07-01T00:01:03Z
	cves:
	- CVE-2022-33082
	ghsas:
	- GHSA-2m4x-4q9j-w97g
	references:
	- fix: https://github.com/open-policy-agent/opa/pull/4701
	- fix: https://github.com/open-policy-agent/opa/commit/064f6168a8dfebdeb2ea147f7882bb9f5d2b7f67
	- web: https://github.com/open-policy-agent/opa/issues/4762