Github.Com Dapr Dapr vulnerabilities
2 known vulnerabilities affecting github.com/dapr_dapr.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2023-37918 | P3 | MEDIUM | ≥ 1.11.0, < 1.11.2; ≥ 0, < 1.10.9 | 2023-07-21
CVE-2023-37918 [MEDIUM] CWE-287 Dapr API token authentication bypass in HTTP endpoints
### Summary
A vulnerability has been found in Dapr that allows a well-crafted HTTP request to bypass [API token authentication](https://docs.dapr.io/operations/security/api-token/), which the Dapr sidecar uses to authenticate calls coming from the application.
Users who leverage API token authentication are encouraged to upgrade Dapr to 1.
ghsa, osv
CVE-2024-35223 | P4 | MEDIUM | ≥ 1.13.0, < 1.13.3 | 2024-05-22
CVE-2024-35223 [MEDIUM] CWE-200 Dapr API Token Exposure
### Summary
A vulnerability has been found in Dapr that causes a leak of the application token of the invoker app to the invoked app when using Dapr as a gRPC proxy for remote service invocation. This issue arises because Dapr sends the app token of the invoker app instead of the app token of the invoked app.
Users who leverage Dapr for gRPC proxy service invocation and are using the app API token feature are
ghsa, osv