A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Affected Packages

Go k8s.io/ingress-nginx

Affected versions: 0 (fixed in 1.11.5)

Go k8s.io/ingress-nginx

Affected versions: 1.12.0-beta.0 (fixed in 1.12.1)

Related CVEs

CVE-2025-1098

Key Information

GHSA ID

GHSA-vg63-w3p9-jc9m

Published

March 25, 2025 12:30 AM

Last Modified

March 25, 2025 3:06 PM

CVSS Score

7.5 /10

Primary Ecosystem

Primary Package

k8s.io/ingress-nginx

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 25, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.