github.com/open-policy-agent/opa is vulnerable to Memory Allocation with Excessive Size Value
30
Low Risk
Affected versions of this package are vulnerable to memory exhaustion via a forged gzip header. A crafted HTTP request containing a malicious gzip header, sent to any of OPA's HTTP endpoints, can cause the service to allocate excessive memory, leading to an out-of-memory (OOM) process exit and denial of service. An attacker can exploit this by sending a direct HTTP request to the OPA server. The request takes effect before any token-based authentication or authorization checks are applied, which makes it a potent vector if OPA is directly accessible on a network. The issue was addressed by implementing a proper size check on the decompressed payload during gzip handling.
You're affected if you are using a version that falls within the vulnerable range.
github.com/open-policy-agent/opa is vulnerable to Memory Allocation with Excessive Size Value in versions 0.1.0 - 1.11.0.
Upgrade the github.com/open-policy-agent/opa library to a patched version.
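The class of fix described above, a size check on the decompressed payload, can be illustrated with the following added Go example. It is not OPA's code; `readGzipBounded`, `gzipOf`, `ErrTooLarge` and the 1 MiB `maxDecompressed` limit are names and values assumed for illustration.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// maxDecompressed is an assumed limit for this example; size it to the
// largest legitimate request body the service should accept.
const maxDecompressed = 1 << 20 // 1 MiB

var ErrTooLarge = errors.New("decompressed payload exceeds limit")

// readGzipBounded decompresses r while enforcing limit on the bytes actually
// produced. It never sizes a buffer from a length declared inside the gzip
// stream, because the sender controls that value.
func readGzipBounded(r io.Reader, limit int64) ([]byte, error) {
	zr, err := gzip.NewReader(r)
	if err != nil {
		return nil, err // not a gzip stream (for example gzip.ErrHeader)
	}
	defer zr.Close()
	// Read at most limit+1 bytes: the extra byte tells "exactly at the limit"
	// apart from "over the limit" without decompressing the rest.
	out, err := io.ReadAll(io.LimitReader(zr, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(out)) > limit {
		return nil, ErrTooLarge
	}
	return out, nil
}

// gzipOf builds constructed sample input: n zero bytes, gzip-compressed.
func gzipOf(n int) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write(make([]byte, n))
	zw.Close()
	return buf.Bytes()
}

func main() {
	small, large := gzipOf(1024), gzipOf(8<<20) // highly compressible samples
	_, err1 := readGzipBounded(bytes.NewReader(small), maxDecompressed)
	_, err2 := readGzipBounded(bytes.NewReader(large), maxDecompressed)
	fmt.Println(len(large), err1, err2)
}
```

In an HTTP handler, the compressed request body should also be capped before it reaches the decompressor, for example with `http.MaxBytesReader`.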