Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.
2023-05-30T06:16:37.937
2024-11-21T08:05:05.060
Modified
CVSSv3.1: 10.0 (CRITICAL)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | pomerium | pomerium | < 0.17.4 | Yes |
| Application | pomerium | pomerium | < 0.19.2 | Yes |
| Application | pomerium | pomerium | < 0.21.4 | Yes |
| Application | pomerium | pomerium | < 0.22.2 | Yes |
| Application | pomerium | pomerium | 0.18.0 | Yes |
| Application | pomerium | pomerium | 0.20.0 | Yes |