Linux Foundation Dapr
By the Year
In 2024 there have been 0 vulnerabilities in Linux Foundation Dapr . Last year Dapr had 1 security vulnerability published. Right now, Dapr is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 7.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Dapr vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Linux Foundation Dapr Security Vulnerabilities
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge
CVE-2023-37918
7.5 - High
- July 21, 2023
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request. Users who leverage API token authentication are encouraged to upgrade Dapr to 1.10.9 or to 1.11.2. This vulnerability impacts Dapr users who have configured API token authentication. An attacker could craft a request that is always allowed by the Dapr sidecar over HTTP, even if the `dapr-api-token` in the request is invalid or missing. The issue has been fixed in Dapr 1.10.9 or to 1.11.2. There are no known workarounds for this vulnerability.
authentification
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Linux Foundation Dapr or by Linux Foundation? Click the Watch button to subscribe.
