Case Study How Showpo Rebuilt Its API Layer for a Global Headless Migration

Products
Community Edition
Open Source API Gateway Free to use The high-performance open source API gateway, free to use and trusted by thousands of teams.
Enterprise Edition
API Gateway Enterprise-Grade with SLAs Production-grade gateway with security, governance, and 24/7 support backed by SLAs.
AI Gateway Same Gateway, Now for AI LLM routing, prompt guardrails, token budgets, and a built-in MCP server, all from one gateway.
KrakenD played a vital role in our API transformation journey by protecting our business platforms boundary and exposing the business capabilities in a standard way to both internal and external audience.
Stefano Leopizzi
Enterprise Architecture, lastminute.com
Compare Open Source VS Enterprise
Contact Sales Watch a demo
Solutions
E-Government
For Governments & Public Sector
Modernize citizen services with fully on-prem, air-gapped APIs, without compromising data sovereignty.
Open Banking
For Banks & Financial Institutions
Expose open banking APIs with strict governance, predictable performance, and zero loss of control.
E-Commerce
For Digital Commerce Platforms
Increase conversions and scale traffic safely with low-latency APIs built for revenue-critical workloads.
We began by creating a model with the community version to assess its capabilities. Once we confirmed that this tool met our needs, we opted for an enterprise license. Simply to benefit from tools that facilitate integration into our model and address specific requirements of our architecture in terms of security, data transformation, and authentication management.
Nicolas Gabetty
Senior Engineer, Coop Atlantique
More industries and real-world examples: Case studies
Contact Sales Watch a demo
Resources
Knowledge Hub
Training & Certification
Documentation
Support
Security Advisories
Developer Tools
Designer
Community Playground
Enterprise Playground
Company
About us
Blog
It seems that KrakenD does not exist because it hasn't caused any problems so far and is really fast, as promised.
Celso Zavatti
Head of Technology, Ahgora Sistemas
Compare Open Source VS Enterprise
Contact Sales Watch a demo
Partners
Docs

Partners
Docs
Compare Open Source VS Enterprise
Contact Sales
Downloads
I don't need to think about KrakenD, it just works.
Dave McPherson
Platform Engineering Lead / Culture Amp

CVE-2025-22868 High · CVSS 7.5 False Positive

go-jose: Memory Exhaustion via Malformed Token Parsing

This CVE does not affect KrakenD

The vulnerable JWS token parsing code path is part of KrakenD’s client credentials dependency but is not reachable from untrusted external input during normal KrakenD operation. The dependency was upgraded as a precaution.

Addressed through routine dependency maintenance in CE 2.10.1 and EE 2.10.1.

Component

go-jose (go/jws)

Disclosed

Jun 19, 2025

CVSS Score

7.5

Description

The go/jws package (go-jose) before v0.27.0 does not properly validate the input size when parsing JWS tokens. A remotely supplied malformed token causes unbounded memory consumption during parsing, enabling a denial-of-service attack against any service that parses attacker-controlled tokens with the affected library. KrakenD’s client credentials component does not expose the affected JWS parsing path to untrusted input, making this a false positive for KrakenD.

References

View CVE-2025-22868 on NVD

Stay up to date with KrakenD releases and important updates