GHSA-2v3r-gvq5-qqgh
GHSA-j2hp-6m75-v4j4
GHSA-rh4j-5rhw-hr54
GHSA-x2j8-vjg7-386r
This commit is contained in:
advisory-database[bot] 2025-01-27 20:51:58 +00:00
Parent 9e11b7addc
Commit 9dd087b14f
4 changed files: 200 additions and 14 deletions

View file

@ -1,14 +1,30 @@
{
"schema_version": "1.4.0",
"id": "GHSA-2v3r-gvq5-qqgh",
"modified": "2025-01-27T18:32:01Z",
"modified": "2025-01-27T20:50:34Z",
"published": "2025-01-27T18:32:01Z",
"aliases": [
"CVE-2024-55227"
],
"summary": "Dolibarr Cross-site Scripting vulnerability",
"details": "A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.",
"severity": [],
"affected": [],
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"
}
],
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "dolibarr/dolibarr"
},
"versions": [
"21.0.0-beta"
]
}
],
"references": [
{
"type": "ADVISORY",
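Review bot: the new `affected` entry carries only `"versions": ["21.0.0-beta"]` and no `ranges` with an `introduced`/`fixed` event, so tooling reading this record cannot tell whether any Dolibarr release is patched; if the fix version is known, add an `ECOSYSTEM` range next to the explicit version list. While this file is being touched, the unchanged `details` string still reads `HTMl`; correct it to `HTML`.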
@ -30,16 +46,22 @@
"type": "WEB",
"url": "https://gist.github.com/Dqtdqt/9762466cd6ec541ea265ba33b09489ff"
},
{
"type": "PACKAGE",
"url": "https://github.com/Dolibarr/dolibarr"
},
{
"type": "WEB",
"url": "https://github.com/Dolibarr/dolibarr/security/policy"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"cwe_ids": [
"CWE-79"
],
"severity": "LOW",
"github_reviewed": true,
"github_reviewed_at": "2025-01-27T20:50:34Z",
"nvd_published_at": "2025-01-27T17:15:16Z"
}
}

View file

@ -0,0 +1,65 @@
{
"schema_version": "1.4.0",
"id": "GHSA-j2hp-6m75-v4j4",
"modified": "2025-01-27T20:50:21Z",
"published": "2025-01-27T20:50:21Z",
"aliases": [
"CVE-2025-24354"
],
"summary": "imgproxy is vulnerable to SSRF against 0.0.0.0",
"details": "### Summary\n\nImgproxy does not block the `0.0.0.0` address, even with `IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES` set to false. This can expose services on the local host.\n\n### Details\n\nimgproxy protects against SSRF against a loopback address with the following check ([source](https://github.com/imgproxy/imgproxy/blob/0f37d62fd8326a32c213b30dd52e2319770885d8/security/source.go#L43C1-L47C1)):\n\n```\nif !config.AllowLoopbackSourceAddresses && ip.IsLoopback() {\n\treturn ErrSourceAddressNotAllowed\n}\n```\n\nThis check is insufficient to prevent accessing services on the local host, as services may receive traffic on `0.0.0.0`. Go's `IsLoopback` ([source](https://github.com/golang/go/blob/40b3c0e58a0ae8dec4684a009bf3806769e0fc41/src/net/ip.go#L126-L131)) strictly follows the definition of loopback IPs beginning with `127`. `0.0.0.0` is not blocked.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/imgproxy/imgproxy"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "3.27.2"
}
]
}
]
}
],
"references": [
{
"type": "WEB",
"url": "https://github.com/imgproxy/imgproxy/security/advisories/GHSA-j2hp-6m75-v4j4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24354"
},
{
"type": "WEB",
"url": "https://github.com/imgproxy/imgproxy/commit/3d4fed6842aa8930ec224d0ad75b0079b858e081"
},
{
"type": "PACKAGE",
"url": "https://github.com/imgproxy/imgproxy"
}
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"severity": "MODERATE",
"github_reviewed": true,
"github_reviewed_at": "2025-01-27T20:50:21Z",
"nvd_published_at": "2025-01-27T18:15:41Z"
}
}
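Review bot: the `details` string explains why `0.0.0.0` passes the `ip.IsLoopback()` check but never states the remediation; the fix is visible only as the `"fixed": "3.27.2"` event and the commit URL in `references`, so add a one-line remediation note to `details` (upgrade to 3.27.2 or later) so readers of the rendered advisory do not have to infer it from the range. Minor: the embedded snippet is fenced with a bare ``` and would render better tagged as ```go.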

View file

@ -0,0 +1,77 @@
{
"schema_version": "1.4.0",
"id": "GHSA-rh4j-5rhw-hr54",
"modified": "2025-01-27T20:50:30Z",
"published": "2025-01-27T20:50:30Z",
"aliases": [
"CVE-2025-24357"
],
"summary": "vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator",
"details": "### Description\nThe vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It use torch.load function and weights_only parameter is default value False. There is a security warning on https://pytorch.org/docs/stable/generated/torch.load.html, when torch.load load a malicious pickle data it will execute arbitrary code during unpickling.\n\n### Impact\nThis vulnerability can be exploited to execute arbitrary codes and OS commands in the victim machine who fetch the pretrained repo remotely.\n\nNote that most models now use the safetensors format, which is not vulnerable to this issue.\n\n### References\n* https://pytorch.org/docs/stable/generated/torch.load.html\n* Fix: https://github.com/vllm-project/vllm/pull/12366",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "vllm"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.0"
}
]
}
]
}
],
"references": [
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24357"
},
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/pull/12366"
},
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/commit/d3d6bb13fb62da3234addf6574922a4ec0513d04"
},
{
"type": "PACKAGE",
"url": "https://github.com/vllm-project/vllm"
},
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/releases/tag/v0.7.0"
},
{
"type": "WEB",
"url": "https://pytorch.org/docs/stable/generated/torch.load.html"
}
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2025-01-27T20:50:30Z",
"nvd_published_at": "2025-01-27T18:15:41Z"
}
}
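Review bot: the `details` string has grammar problems that make the root cause harder to read; "It use torch.load function and weights_only parameter is default value False" should read "It uses `torch.load` with the `weights_only` parameter left at its default of `False`", "arbitrary codes" should be "arbitrary code", and "the victim machine who fetch the pretrained repo" should be "the machine that fetches the pretrained repo". The `### References` list inside `details` duplicates the PyTorch docs and fix PR already present in `references`, which is harmless but worth trimming to the prose description.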

View file

@ -1,14 +1,30 @@
{
"schema_version": "1.4.0",
"id": "GHSA-x2j8-vjg7-386r",
"modified": "2025-01-27T18:32:01Z",
"modified": "2025-01-27T20:50:36Z",
"published": "2025-01-27T18:32:01Z",
"aliases": [
"CVE-2024-55228"
],
"summary": "Dolibarr Cross-site Scripting vulnerability",
"details": "A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.",
"severity": [],
"affected": [],
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"
}
],
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "dolibarr/dolibarr"
},
"versions": [
"21.0.0-beta"
]
}
],
"references": [
{
"type": "ADVISORY",
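Review bot: as with the sibling Dolibarr record, the new `affected` entry lists only `"versions": ["21.0.0-beta"]` and no `ranges` with `introduced`/`fixed` events, so the patched release cannot be derived from this file; add an `ECOSYSTEM` range if the fix version is known. The unchanged `details` string also still contains the `HTMl` typo; correct it to `HTML` while editing this file.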
@ -30,16 +46,22 @@
"type": "WEB",
"url": "https://gist.github.com/Dqtdqt/a942bbce9a5fc851dce366902411c768"
},
{
"type": "PACKAGE",
"url": "https://github.com/Dolibarr/dolibarr"
},
{
"type": "WEB",
"url": "https://github.com/Dolibarr/dolibarr/security/policy"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"cwe_ids": [
"CWE-79"
],
"severity": "LOW",
"github_reviewed": true,
"github_reviewed_at": "2025-01-27T20:50:36Z",
"nvd_published_at": "2025-01-27T17:15:16Z"
}
}