{"id":"GHSA-2m4x-4q9j-w97g","summary":"Denial of service in Open Policy Agent ","details":"An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input.","aliases":["CVE-2022-33082","GO-2022-0574"],"modified":"2026-02-04T03:57:09.357907Z","published":"2022-07-01T00:01:03Z","related":["CGA-gwh3-f537-q6ff"],"database_specific":{"severity":"HIGH","cwe_ids":["CWE-703"],"github_reviewed":true,"github_reviewed_at":"2022-07-06T19:52:00Z","nvd_published_at":"2022-06-30T22:15:00Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-33082"},{"type":"WEB","url":"https://github.com/open-policy-agent/opa/issues/4761"},{"type":"WEB","url":"https://github.com/open-policy-agent/opa/issues/4762"},{"type":"WEB","url":"https://github.com/open-policy-agent/opa/pull/4701"},{"type":"WEB","url":"https://github.com/open-policy-agent/opa/commit/064f6168a8dfebdeb2ea147f7882bb9f5d2b7f67"},{"type":"PACKAGE","url":"https://github.com/open-policy-agent/opa"},{"type":"WEB","url":"https://github.com/open-policy-agent/opa/blob/598176de326025451025225aca53e85708d5f1db/ast/compile.go#L1224"},{"type":"WEB","url":"https://pkg.go.dev/vuln/GO-2022-0574"}],"affected":[{"package":{"name":"github.com/open-policy-agent/opa","ecosystem":"Go","purl":"pkg:golang/github.com/open-policy-agent/opa"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.42.0"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-2m4x-4q9j-w97g/GHSA-2m4x-4q9j-w97g.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}