{"id":"GO-2025-3660","summary":"OPA server Data API HTTP path injection of Rego in github.com/open-policy-agent/opa","details":"OPA server Data API HTTP path injection of Rego in github.com/open-policy-agent/opa","aliases":["CVE-2025-46569","GHSA-6m8w-jc87-6cr7"],"modified":"2026-02-04T04:36:32.590498Z","published":"2025-05-05T16:14:33Z","related":["CGA-9wmx-2228-q73c"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2025-3660","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7"},{"type":"FIX","url":"https://github.com/open-policy-agent/opa/commit/ad2063247a14711882f18c387a511fc8094aa79c"}],"affected":[{"package":{"name":"github.com/open-policy-agent/opa","ecosystem":"Go","purl":"pkg:golang/github.com/open-policy-agent/opa"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.4.0"}]}],"ecosystem_specific":{"imports":[{"symbols":["Server.makeRego","Server.unversionedGetHealthWithPolicy","Server.v0QueryPath","baseHTTPListener.ListenAndServe","baseHTTPListener.ListenAndServeTLS","stringPathToDataRef","stringPathToRef"],"path":"github.com/open-policy-agent/opa/v1/server"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3660.json"}}],"schema_version":"1.7.3"}