pkg:Go/github.com/pomerium/pomerium

All known vulnerabilities

• CRITICAL10.0CVE-2023-33189Pomerium vulnerable to Incorrect Authorization with specially crafted requests in github.com/pomerium/pomerium
  >= 0.22.0, < 0.22.2
• CRITICAL10.0CVE-2023-33189Pomerium vulnerable to Incorrect Authorization with specially crafted requests in github.com/pomerium/pomerium
  from 0, < 0.17.4, >= 0.18.0, < 0.18.1, >= 0.19.0, < 0.19.2, >= 0.20.0, < 0.20.1, >= 0.21.0, < 0.21.4, >= 0.22.0, < 0.22.2
• HIGH8.6Incorrect Authorization with specially crafted requests
  >= 0.11.0, < 0.14.8
• HIGH8.6Incorrect handling of H2 GOAWAY + SETTINGS frames
  from 0, < 0.15.1
• HIGH8.6Incorrect handling of H2 GOAWAY + SETTINGS frames
  from 0, < 0.15.1
• HIGH7.5Excessive CPU usage in Pomerium
  from 0, < 0.14.8
• MEDIUM6.8Pomerium service account access token may grant unintended access to databroker API in github.com/pomerium/pomerium
  from 0, < 0.27.1
• MEDIUM6.8Pomerium service account access token may grant unintended access to databroker API in github.com/pomerium/pomerium
  from 0, < 0.27.1
• MEDIUM6.5Exposure of Sensitive Information in Pomerium in github.com/pomerium/pomerium
  >= 0.16.0, < 0.17.1
• MEDIUM6.5Exposure of Sensitive Information in Pomerium in github.com/pomerium/pomerium
  >= 0.16.0, < 0.17.1
• MEDIUM6.3JWT leak via Open Redirect in Programmatic access in github.com/pomerium/pomerium
  from 0, < 0.13.4
• MEDIUM6.3JWT leak via Open Redirect in Programmatic access in github.com/pomerium/pomerium
  from 0, < 0.13.4
• MEDIUM6.1pomerium_signature is not verified in middleware in github.com/pomerium/pomerium
  >= 0.10.0, < 0.13.4
• MEDIUM6.1pomerium_signature is not verified in middleware in github.com/pomerium/pomerium
  >= 0.10.0, < 0.13.4
• MEDIUM5.7Pomerium exposed OAuth2 access and ID tokens in user info endpoint response in github.com/pomerium/pomerium
  from 0, < 0.26.1
• MEDIUM5.7Pomerium exposed OAuth2 access and ID tokens in user info endpoint response in github.com/pomerium/pomerium
  from 0, < 0.26.1
• MEDIUM5.3Incorrect authorization in github.com/pomerium/pomerium
  >= 0.14.0, < 0.15.6
• MEDIUM5.3Incorrect authorization in github.com/pomerium/pomerium
  from 0, < 0.15.6