Affected by GO-2026-4799 and 2 other vulnerabilities

GO-2026-4799: Ory Oathkeeper has an authentication bypass by cache key confusion in github.com/ory/oathkeeper

GO-2026-4804: Ory Oathkeeper has a path traversal authorization bypass in github.com/ory/oathkeeper

GO-2026-4810: Ory Oathkeeper has an authentication bypass by usage of untrusted header in github.com/ory/oathkeeper

header

package

v0.40.9 Latest Latest Go to latest Published: Jan 30, 2025 License: Apache-2.0 Imports: 1 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/ory/oathkeeper

Links

Documentation ¶

Constants ¶

View Source

const (
	AcceptEncoding = "Accept-Encoding"
	Authorization  = "Authorization"
	Cookie         = "Cookie"
	XForwardedHost = "X-Forwarded-Host"
)

Variables ¶

This section is empty.

Functions ¶

func Canonical ¶

func Canonical(h string) string

Canonical returns the canonical format of the MIME header key. The canonicalization converts the first letter and any letter following a hyphen to upper case; the rest are converted to lowercase.

Types ¶

This section is empty.

Source Files ¶

View all Source files

header.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL