Technology: kong
| ID | Title | Description | Category | Technology | Tags |
|---|---|---|---|---|---|
| CRE-2025-0138 (Low; Impact: 5/10; Mitigation: 4/10) | Supabase Self-Hosted: API Rate Limit Exceeded and Request Throttling | Detects when Supabase API requests are being rate-limited due to excessive traffic or aggressive client behavior. This results in HTTP 429 responses and can indicate DDoS attacks, misconfigured clients, or insufficient rate limiting configuration for the application's traffic patterns. | API Problems | kong | Supabase, Rate Limiting, Throttling, Proxy, Performance, Self-Hosted, Public |
| CRE-2025-0142 (Medium; Impact: 6/10; Mitigation: 5/10) | Supabase Self-Hosted: SSL Certificate Missing or Invalid Configuration | Detects when Supabase services fail due to missing, invalid, or improperly configured SSL certificates. This affects HTTPS endpoints, secure WebSocket connections, and can prevent clients from establishing secure connections to the self-hosted Supabase instance. | Configuration Problem | kong | Supabase, Ssl, TLS, Certificate Verification, Security, Configuration, Proxy, Self-Hosted, SSL Certificate, Public |