Affected by GO-2022-0783 and 4 other vulnerabilities

GO-2022-0783: JWT leak via Open Redirect in Programmatic access in github.com/pomerium/pomerium

GO-2022-0933: Incorrect handling of H2 GOAWAY + SETTINGS frames in github.com/pomerium/pomerium

GO-2023-1800: Pomerium vulnerable to Incorrect Authorization with specially crafted requests in github.com/pomerium/pomerium

GO-2024-2965: Pomerium exposed OAuth2 access and ID tokens in user info endpoint response in github.com/pomerium/pomerium

GO-2024-3179: Pomerium service account access token may grant unintended access to databroker API in github.com/pomerium/pomerium

internal/

Details

Path	Synopsis
cryptutil Package cryptutil provides encoding and decoding routines for various cryptographic structures.	Package cryptutil provides encoding and decoding routines for various cryptographic structures.
fileutil
https
httputil
log Package log provides a global logger for zerolog.	Package log provides a global logger for zerolog.
middleware Package middleware provides a standard set of middleware implementations for pomerium.	Package middleware provides a standard set of middleware implementations for pomerium.
options
sessions
templates
version