blob: f5f43b5e9fe3d9b24e1e0e73770822a7be6ab108 [file] [log] [blame]
id: GO-2022-0316
modules:
- module: github.com/open-policy-agent/opa
versions:
- introduced: 0.33.1
- fixed: 0.37.2
vulnerable_at: 0.33.1
packages:
- package: github.com/open-policy-agent/opa/format
symbols:
- groupIterable
derived_symbols:
- Ast
- MustAst
- Source
summary: Incorrect calculation in github.com/open-policy-agent/opa
description: |-
Pretty-printing an AST that contains synthetic nodes can change the logic of
some statements by reordering array literals.
published: 2022-07-27T20:27:33Z
cves:
- CVE-2022-23628
ghsas:
- GHSA-hcw3-j74m-qc58
references:
- advisory: https://github.com/open-policy-agent/opa/security/advisories/GHSA-hcw3-j74m-qc58
- fix: https://github.com/open-policy-agent/opa/commit/932e4ffc37a590ace79e9b75ca4340288c220239
- web: https://github.com/open-policy-agent/opa/commit/2bd8edab9e10e2dc9cf76ae8335ced0c224f3055
review_status: REVIEWED