{"id":"CVE-2018-16398","details":"In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\\/start to bypass a policy in which \"docker start\" is allowed but \"docker pause\" is not allowed.","modified":"2026-04-02T00:55:47.030717Z","published":"2018-09-03T19:29:00.370Z","references":[{"type":"FIX","url":"https://github.com/twistlock/authz/issues/50"},{"type":"FIX","url":"https://github.com/twistlock/authz/issues/51"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/twistlock/authz","events":[{"introduced":"0"},{"last_affected":"484afd59f163c2db11e3de80e8a2a6a520bb4c3d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.1"}]}}],"versions":["0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16398.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}