Vulnerabilities > Konghq
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
2023-10-04 | CVE-2023-40299 | Unspecified vulnerability in Konghq Insomnia 2023.4.0: Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable. | 7.8 |
2023-04-29 | CVE-2023-2418 | Use of Insufficiently Random Values vulnerability in Konghq Kong 2.8.3: A vulnerability was found in Konga 2.8.3 on Kong. | 5.9 |
2023-02-12 | CVE-2020-36661 | Unspecified vulnerability in Konghq Multipart 0.5.81: A vulnerability was found in Kong lua-multipart 0.5.8-1. | 7.5 |
2021-03-18 | CVE-2021-27306 | Use of Incorrectly-Resolved Name or Reference vulnerability in Konghq Kong Gateway: An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users to access authenticated routes without a valid JWT token. | 7.5 |
2020-04-12 | CVE-2020-11710 | Unspecified vulnerability in Konghq Docker-Kong: An issue was discovered in docker-kong (for Kong) through 2.0.3. | 9.8 |