{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T18:13:01.881","vulnerabilities":[{"cve":{"id":"CVE-2022-36085","sourceIdentifier":"security-advisories@github.com","published":"2022-09-08T14:15:08.340","lastModified":"2024-11-21T07:12:21.110","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open Policy Agent (OPA) is an open source, general-purpose policy engine. The Rego compiler provides a (deprecated) `WithUnsafeBuiltins` function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy compilation stage. A bypass of this protection has been found, where the use of the `with` keyword to mock such a built-in function (a feature introduced in OPA v0.40.0), isn’t taken into account by `WithUnsafeBuiltins`. Multiple conditions need to be met in order to create an adverse effect. Version 0.43.1 contains a patch for this issue. As a workaround, avoid using the `WithUnsafeBuiltins` function and use the `capabilities` feature instead."},{"lang":"es","value":"Open Policy Agent (OPA) es un motor de políticas de propósito general de código abierto. El compilador de Rego proporciona una función \"WithUnsafeBuiltins\" (en desuso), que permite a usuarios proporcionar un conjunto de funciones integradas que el compilador debería considerar inseguras y, como tales, rechazarlas si son encontradas en la etapa de compilación de políticas. Se ha encontrado una omisión de esta protección, en la que \"WithUnsafeBuiltins\" no es tenido en cuenta el uso de la palabra clave \"with\" para simular una función integrada de este tipo (una característica introducida en OPA v0.40.0). Deben cumplirse múltiples condiciones para crear un efecto adverso. La versión 0.43.1 contiene un parche para este problema. Como mitigación, evite usar la función \"WithUnsafeBuiltins\" y use la funcionalidad \"capabilities\" en su lugar"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-693"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openpolicyagent:open_policy_agent:*:*:*:*:*:*:*:*","versionStartIncluding":"0.40.0","versionEndExcluding":"0.43.1","matchCriteriaId":"24044142-C7B3-4994-9F36-5ED0299C8E5B"}]}]}],"references":[{"url":"https://github.com/open-policy-agent/opa/commit/25a597bc3f4985162e7f65f9c36599f4f8f55823","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/open-policy-agent/opa/commit/3e8c754ed007b22393cf65e48751ad9f6457fee8","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/open-policy-agent/opa/pull/4540","source":"security-advisories@github.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/open-policy-agent/opa/pull/4616","source":"security-advisories@github.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/open-policy-agent/opa/releases/tag/v0.43.1","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr","source":"security-advisories@github.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/open-policy-agent/opa/commit/25a597bc3f4985162e7f65f9c36599f4f8f55823","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/open-policy-agent/opa/commit/3e8c754ed007b22393cf65e48751ad9f6457fee8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/open-policy-agent/opa/pull/4540","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/open-policy-agent/opa/pull/4616","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/open-policy-agent/opa/releases/tag/v0.43.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]}]}}]}