Vulnerabilities > Konghq

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-44487 Resource Exhaustion vulnerability in multiple products
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
2023-10-04 CVE-2023-40299 Unspecified vulnerability in Konghq Insomnia 2023.4.0
Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.
local
low complexity
konghq
7.8
2023-04-29 CVE-2023-2418 Use of Insufficiently Random Values vulnerability in Konghq Kong 2.8.3
A vulnerability was found in Konga 2.8.3 on Kong.
network
high complexity
konghq CWE-330
5.9
2023-02-12 CVE-2020-36661 Unspecified vulnerability in Konghq Multipart 0.5.81
A vulnerability was found in Kong lua-multipart 0.5.8-1.
network
low complexity
konghq
7.5
2021-03-18 CVE-2021-27306 Use of Incorrectly-Resolved Name or Reference vulnerability in Konghq Kong Gateway
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users to access authenticated routes without a valid JWT token.
network
low complexity
konghq CWE-706
7.5
2020-04-12 CVE-2020-11710 Unspecified vulnerability in Konghq Docker-Kong
An issue was discovered in docker-kong (for Kong) through 2.0.3.
network
low complexity
konghq
critical
9.8