Oxyno-Zeta S3-Proxy vulnerabilities
2 known vulnerabilities affecting oxyno-zeta/s3-proxy.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2026-42882P2CRITICALCVSS 9.4fixed in 5.0.02026-05-11
CVE-2026-42882 [CRITICAL] CWE-22 CVE-2026-42882: oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentic
oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the authentication middleware and the bucket handler. The authentication middleware evaluates resource path patterns against the percent-encoded request URI (r.URL.RequestURI()), whi
nvd
CVE-2025-27088P3HIGHCVSS 8.2fixed in 2.23.1fixed in 4.18.1+1 more2025-02-20
CVE-2025-27088 [HIGH] CWE-79 CVE-2025-27088: oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In affected versions a Reflected Cross-site Sc
oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In affected versions a Reflected Cross-site Scripting (XSS) vulnerability enables attackers to create malicious URLs that, when visited, inject scripts into the web application. This can lead to session hijacking or phishing attacks on a trusted domain, posing a moderate risk to all users. It's poss
nvd