| { |
| "schema_version": "1.3.1", |
| "id": "GO-2022-0574", |
| "modified": "0001-01-01T00:00:00Z", |
| "published": "2022-07-01T00:01:03Z", |
| "aliases": [ |
| "CVE-2022-33082", |
| "GHSA-2m4x-4q9j-w97g" |
| ], |
| "summary": "Denial of service in github.com/open-policy-agent/opa", |
| "details": "An issue in the AST parser of Open Policy Agent makes it possible for attackers to cause a Denial of Service attack from a crafted input.", |
| "affected": [ |
| { |
| "package": { |
| "name": "github.com/open-policy-agent/opa", |
| "ecosystem": "Go" |
| }, |
| "ranges": [ |
| { |
| "type": "SEMVER", |
| "events": [ |
| { |
| "introduced": "0" |
| }, |
| { |
| "fixed": "0.42.0" |
| } |
| ] |
| } |
| ], |
| "ecosystem_specific": { |
| "imports": [ |
| { |
| "path": "github.com/open-policy-agent/opa/ast", |
| "symbols": [ |
| "Args.Copy", |
| "Args.Vars", |
| "Array.Copy", |
| "Array.Foreach", |
| "Array.Iter", |
| "Array.Until", |
| "ArrayComprehension.Copy", |
| "BeforeAfterVisitor.Walk", |
| "Body.Copy", |
| "Body.Vars", |
| "Call.Copy", |
| "CompileModules", |
| "CompileModulesWithOpt", |
| "Compiler.Compile", |
| "Compiler.GetRulesDynamic", |
| "Compiler.GetRulesDynamicWithOpts", |
| "Compiler.PassesTypeCheck", |
| "ContainsClosures", |
| "ContainsComprehensions", |
| "ContainsRefs", |
| "Copy", |
| "Every.Copy", |
| "Every.KeyValueVars", |
| "Expr.Copy", |
| "Expr.CopyWithoutTerms", |
| "Expr.Vars", |
| "GenericTransformer.Transform", |
| "GenericVisitor.Walk", |
| "Head.Copy", |
| "Head.Vars", |
| "Import.Copy", |
| "IsConstant", |
| "JSON", |
| "JSONWithOpt", |
| "Module.Copy", |
| "Module.UnmarshalJSON", |
| "MustCompileModules", |
| "MustCompileModulesWithOpts", |
| "MustJSON", |
| "MustParseBody", |
| "MustParseBodyWithOpts", |
| "MustParseExpr", |
| "MustParseImports", |
| "MustParseModule", |
| "MustParseModuleWithOpts", |
| "MustParsePackage", |
| "MustParseRef", |
| "MustParseRule", |
| "MustParseStatement", |
| "MustParseStatements", |
| "MustParseTerm", |
| "NewGraph", |
| "ObjectComprehension.Copy", |
| "OutputVarsFromBody", |
| "OutputVarsFromExpr", |
| "Package.Copy", |
| "ParseBody", |
| "ParseBodyWithOpts", |
| "ParseExpr", |
| "ParseImports", |
| "ParseModule", |
| "ParseModuleWithOpts", |
| "ParsePackage", |
| "ParseRef", |
| "ParseRule", |
| "ParseStatement", |
| "ParseStatements", |
| "ParseStatementsWithOpts", |
| "ParseTerm", |
| "Parser.Parse", |
| "Pretty", |
| "QueryContext.Copy", |
| "Ref.ConstantPrefix", |
| "Ref.Copy", |
| "Ref.Dynamic", |
| "Ref.Extend", |
| "Ref.OutputVars", |
| "Rule.Copy", |
| "SetComprehension.Copy", |
| "SomeDecl.Copy", |
| "Term.Copy", |
| "Term.Vars", |
| "Transform", |
| "TransformComprehensions", |
| "TransformRefs", |
| "TransformVars", |
| "TreeNode.DepthFirst", |
| "TypeEnv.Get", |
| "Unify", |
| "ValueMap.Copy", |
| "ValueMap.Equal", |
| "ValueMap.Hash", |
| "ValueMap.Iter", |
| "ValueMap.MarshalJSON", |
| "ValueMap.String", |
| "ValueToInterface", |
| "VarVisitor.Walk", |
| "Walk", |
| "WalkBeforeAndAfter", |
| "WalkBodies", |
| "WalkClosures", |
| "WalkExprs", |
| "WalkNodes", |
| "WalkRefs", |
| "WalkRules", |
| "WalkTerms", |
| "WalkVars", |
| "WalkWiths", |
| "With.Copy", |
| "baseDocEqIndex.AllRules", |
| "baseDocEqIndex.Build", |
| "baseDocEqIndex.Lookup", |
| "bodySafetyTransformer.Visit", |
| "comprehensionIndexNestedCandidateVisitor.Walk", |
| "comprehensionIndexRegressionCheckVisitor.Walk", |
| "metadataParser.Parse", |
| "object.Copy", |
| "object.Diff", |
| "object.Filter", |
| "object.Foreach", |
| "object.Intersect", |
| "object.Iter", |
| "object.Map", |
| "object.Merge", |
| "object.MergeWith", |
| "object.Until", |
| "queryCompiler.Compile", |
| "refChecker.Visit", |
| "refindices.Sorted", |
| "refindices.Update", |
| "rewriteDeclaredVarsInTerm", |
| "rewriteNestedHeadVarLocalTransform.Visit", |
| "ruleArgLocalRewriter.Visit", |
| "ruleWalker.Do", |
| "set.Copy", |
| "set.Diff", |
| "set.Foreach", |
| "set.Intersect", |
| "set.Iter", |
| "set.Map", |
| "set.Reduce", |
| "set.Union", |
| "set.Until", |
| "trieNode.Do", |
| "trieNode.Traverse", |
| "trieTraversalResult.Add", |
| "typeChecker.CheckBody", |
| "typeChecker.CheckTypes" |
| ] |
| } |
| ] |
| } |
| } |
| ], |
| "references": [ |
| { |
| "type": "FIX", |
| "url": "https://github.com/open-policy-agent/opa/pull/4701" |
| }, |
| { |
| "type": "FIX", |
| "url": "https://github.com/open-policy-agent/opa/commit/064f6168a8dfebdeb2ea147f7882bb9f5d2b7f67" |
| }, |
| { |
| "type": "WEB", |
| "url": "https://github.com/open-policy-agent/opa/issues/4762" |
| } |
| ], |
| "database_specific": { |
| "url": "https://pkg.go.dev/vuln/GO-2022-0574", |
| "review_status": "REVIEWED" |
| } |
| } |