Description
The product defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL to bypass the authorization.
CVE vulnerabilities with CWE-647 (7)
8.6
CVSS
HIGH
CVE-2022-43939
pub. 2023-04-03🚩 CISA KEV⚡ EXPLOIT
7.3
CVSS
HIGH
CVE-2025-64500
pub. 2025-11-12
6.7
CVSS
MEDIUM
CVE-2025-9909
pub. 2026-02-27
6.5
CVSS
MEDIUM
CVE-2025-66202
pub. 2025-12-09
4.0
CVSS
MEDIUM
CVE-2025-47241
pub. 2025-05-03
3.4
CVSS
LOW
CVE-2025-43916
pub. 2025-04-21
2.3
CVSS
LOW
CVE-2026-5222
pub. 2026-05-25