{"id":"GO-2024-2653","summary":"HTTP policy bypass in github.com/cilium/cilium","details":"Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being incorrectly and intermittently forwarded when it should be dropped.","aliases":["BIT-cilium-2024-28248","BIT-cilium-operator-2024-28248","BIT-cilium-proxy-2024-28248","BIT-hubble-2024-28248","BIT-hubble-relay-2024-28248","BIT-hubble-ui-2024-28248","BIT-hubble-ui-backend-2024-28248","CVE-2024-28248","GHSA-68mj-9pjq-mc85"],"modified":"2026-02-04T03:18:01.248882Z","published":"2024-03-22T18:44:07Z","related":["CGA-22f3-rw4r-9j48"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-2653","review_status":"REVIEWED"},"references":[{"type":"WEB","url":"https://docs.cilium.io/en/stable/security/policy/language/#http"}],"affected":[{"package":{"name":"github.com/cilium/cilium","ecosystem":"Go","purl":"pkg:golang/github.com/cilium/cilium"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.13.9"},{"fixed":"1.13.13"},{"introduced":"1.14.0"},{"fixed":"1.14.8"},{"introduced":"1.15.0"},{"fixed":"1.15.2"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-2653.json"}}],"schema_version":"1.7.3","credits":[{"name":"@romikps"},{"name":"@sayboras"},{"name":"@jrajahalme"}]}