GHSA-5pmx-7r6r-wfqq
MEDIUMKgateway transformation policy template can emit files from the container
Blast Radius
github.com/kgateway-dev/kgateway/v2🐹github.com/kgateway-dev/kgateway/v2Real-time download stats are indexed for npm and PyPI packages. This vulnerability affects Go packages — download data is not available via public APIs for these ecosystems.
Description
Summary
The transformation policy template feature in Kgateway versions through 2.0.4 allows users with TrafficPolicy creation permissions to craft transformations that read and expose arbitrary files from the dataplane container filesystem.
Description
Impact
Users with permissions to create a TrafficPolicy can create a transformation that returns files from within the dataplane container. While no secrets are mounted to the container by default, users who mount custom volumes to the dataplane should be aware of potential data exposure through this vulnerability.
This could allow unauthorized access to:
- Configuration files within the container
- Custom mounted volumes and their contents
- Any files accessible to the dataplane container process
Note: Updated availability score to high, as under some configurations this can prevent xDS updates.
Patches
Upgrade to version 2.0.5 or 2.1.0. These versions include an updated transformation filter in envoy-gloo that prevents file access through transformation templates.
Workarounds
If you are not using transformations, you can disallow TrafficPolicy creation or restrict transformation usage using a ValidatingAdmissionPolicy to prevent exploitation while preparing to upgrade.
References
- Fix in 2.1.0: https://github.com/kgateway-dev/kgateway/pull/12528 (envoy-gloo v1.35.2-patch4)
- Backport to 2.0.5: Included in https://github.com/kgateway-dev/kgateway/pull/12535 (envoy-gloo v1.34.6-patch3)
- Envoy-gloo releases: https://github.com/solo-io/envoy-gloo/releases/tag/v1.35.2-patch4
- Envoy-gloo releases: https://github.com/solo-io/envoy-gloo/releases/tag/v1.34.6-patch3
Credits
Kindly reported by @rikatz
For More Information
If you have any questions or comments about this advisory, please reach out in slack https://cloud-native.slack.com/archives/C080D3PJMS4
Affected Packages
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| 🐹Go | github.com/kgateway-dev/kgateway/v2 | all versions | 2.0.5 |
| 🐹Go | github.com/kgateway-dev/kgateway/v2 | ≥ 2.1.0-agw-cel-rbac&&< 2.1.0 | 2.1.0 |
Detection & mitigation playbook
Open-source dependencyDetect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for github.com/kgateway-dev/kgateway/v2. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update github.com/kgateway-dev/kgateway/v2 to 2.0.5 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-5pmx-7r6r-wfqq is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-5pmx-7r6r-wfqq is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.
Tailored to GHSA-5pmx-7r6r-wfqq. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
Frequently Asked Questions
Is GHSA-5pmx-7r6r-wfqq in your dependencies?
O3 detects GHSA-5pmx-7r6r-wfqq across Go dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.