Suggestions search

Published

Filter by:

With package: zrok

Found 2 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-40303

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 1 week, 3 days ago by @LeSuisse Activity log

Created suggestion 1 week, 4 days ago
@LeSuisse ignored maintainer @bennyandresen 1 week, 3 days ago maintainer.ignore
@LeSuisse accepted 1 week, 3 days ago
@LeSuisse published on GitHub 1 week, 3 days ago

zrok allows unauthenticated DoS via unbounded memory allocation in striped session cookie parsing

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls make([]string, count) with no upper bound before any token validation occurs. The function is reached on every request to an OAuth-protected proxy share, allowing an unauthenticated remote attacker to trigger gigabyte-scale heap allocations per request, leading to process-level OOM termination or repeated goroutine panics. Both publicProxy and dynamicProxy are affected. Version 2.0.1 patches the issue.

References

https://github.com/openziti/zrok/security/advisories/GHSA-cpf9-ph2j-ccr9 x_refsource_CONFIRM

Ignored references (1)

https://github.com/openziti/zrok/releases/tag/v2.0.1 x_refsource_MISC

Affected products

zrok

==< 2.0.1

Matching in nixpkgs

pkgs.zrok

Geo-scale, next-generation sharing platform built on top of OpenZiti

nixos-unstable 2.0.1
- nixpkgs-unstable 2.0.1
- nixos-unstable-small 2.0.1
nixos-25.11 1.0.4
- nixos-25.11-small 1.0.4
- nixpkgs-25.11-darwin 1.0.4

Package maintainers

Ignored maintainers (1)

@bennyandresen Benjamin Andresen <bandresen@gmail.com>

Permalink CVE-2026-40302

6.1 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

updated 1 week, 3 days ago by @LeSuisse Activity log

Created suggestion 1 week, 4 days ago
@LeSuisse ignored maintainer @bennyandresen 1 week, 3 days ago maintainer.ignore
@LeSuisse accepted 1 week, 3 days ago
@LeSuisse published on GitHub 1 week, 3 days ago

zrok has reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template (which performs no HTML escaping) instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the attacker-controlled refreshInterval query parameter verbatim into an error message when time.ParseDuration fails, and render that error unescaped into HTML. An attacker can deliver a crafted login URL to a victim; after the victim completes the GitHub OAuth flow, the callback page executes arbitrary JavaScript in the OAuth server's origin. Version 2.0.1 patches the issue.

References

https://github.com/openziti/zrok/security/advisories/GHSA-4fxq-2x3x-6xqx x_refsource_CONFIRM

Ignored references (1)

https://github.com/openziti/zrok/releases/tag/v2.0.1 x_refsource_MISC

Affected products

zrok

==< 2.0.1

Matching in nixpkgs

pkgs.zrok

Geo-scale, next-generation sharing platform built on top of OpenZiti

nixos-unstable 2.0.1
- nixpkgs-unstable 2.0.1
- nixos-unstable-small 2.0.1
nixos-25.11 1.0.4
- nixos-25.11-small 1.0.4
- nixpkgs-25.11-darwin 1.0.4

Package maintainers

Ignored maintainers (1)

@bennyandresen Benjamin Andresen <bandresen@gmail.com>