📦 Pomerium
by Pomerium
🔍 What is Pomerium?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
CVE-2023-33189 is an authorization bypass vulnerability in Pomerium identity-aware access proxy. Attackers can craft requests to bypass authorization controls and access protected resources. All Pomer...
CVE-2021-39206 is an authorization bypass vulnerability in Pomerium's underlying Envoy proxy that could allow specially crafted requests to bypass path-based access controls. This affects Pomerium dep...
This CVE describes a denial-of-service vulnerability in Envoy's HTTP/2 stream reset handling that affects Pomerium identity-aware access proxies. Attackers can cause high CPU utilization by resetting ...
Pomerium versions before 0.26.1 expose OAuth2 access and ID tokens on the user info page, allowing potential token theft. This affects organizations using Pomerium as an identity-aware proxy. Attacker...