CWE-115
AllowedMisinterpretation of Input
Abstraction: Base · Status: Incomplete
The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.
48 vulnerabilities reference this CWE, most recent first.
GHSA-VC49-QC4G-2225
Vulnerability from github – Published: 2024-04-11 09:30 – Updated: 2024-04-11 09:30A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user.
{
"affected": [],
"aliases": [
"CVE-2023-32228"
],
"database_specific": {
"cwe_ids": [
"CWE-115"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-11T09:15:07Z",
"severity": "MODERATE"
},
"details": "A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user.",
"id": "GHSA-vc49-qc4g-2225",
"modified": "2024-04-11T09:30:56Z",
"published": "2024-04-11T09:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32228"
},
{
"type": "WEB",
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-391095-BT.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VFFC-QPX3-764C
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 12:32A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) attack. The application uses a regular expression to parse user input, which can take polynomial time to match certain crafted inputs. This allows an attacker to send a small malicious payload to the server, causing it to become unresponsive and unable to handle any requests from other users.
{
"affected": [],
"aliases": [
"CVE-2024-12388"
],
"database_specific": {
"cwe_ids": [
"CWE-115",
"CWE-1333"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-20T10:15:28Z",
"severity": "MODERATE"
},
"details": "A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) attack. The application uses a regular expression to parse user input, which can take polynomial time to match certain crafted inputs. This allows an attacker to send a small malicious payload to the server, causing it to become unresponsive and unable to handle any requests from other users.",
"id": "GHSA-vffc-qpx3-764c",
"modified": "2025-03-20T12:32:43Z",
"published": "2025-03-20T12:32:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12388"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/b1c01c94-e477-41db-9d17-601aa25e351c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W6HH-W36C-VXMW
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-21 03:39mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts in the context of the victim's browser, potentially compromising user sessions, stealing session cookies, redirecting users to malicious websites, or manipulating the DOM.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mudler/LocalAI"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.22.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-9900"
],
"database_specific": {
"cwe_ids": [
"CWE-115",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-21T03:39:10Z",
"nvd_published_at": "2025-03-20T10:15:50Z",
"severity": "MODERATE"
},
"details": "mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts in the context of the victim\u0027s browser, potentially compromising user sessions, stealing session cookies, redirecting users to malicious websites, or manipulating the DOM.",
"id": "GHSA-w6hh-w36c-vxmw",
"modified": "2025-03-21T03:39:11Z",
"published": "2025-03-20T12:32:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9900"
},
{
"type": "WEB",
"url": "https://github.com/mudler/localai/commit/a1634b219a4e52813e70ff07e6376a01449c4515"
},
{
"type": "PACKAGE",
"url": "https://github.com/mudler/LocalAI"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/b39cd230-db66-471b-89b9-24afaa078e68"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "LocalAI Cross-Site Scripting (XSS) vulnerability in its search functionality"
}
GHSA-WXQ6-7GFP-QPJ4
Vulnerability from github – Published: 2025-06-26 21:31 – Updated: 2025-06-26 21:31Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ble_process_esp32_msg function. The issue results from misinterpretation of input data. An attacker can leverage this vulnerability to execute AT commands in the context of the device. Was ZDI-CAN-26368.
{
"affected": [],
"aliases": [
"CVE-2025-5826"
],
"database_specific": {
"cwe_ids": [
"CWE-115"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-25T18:15:23Z",
"severity": "MODERATE"
},
"details": "Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the ble_process_esp32_msg function. The issue results from misinterpretation of input data. An attacker can leverage this vulnerability to execute AT commands in the context of the device. Was ZDI-CAN-26368.",
"id": "GHSA-wxq6-7gfp-qpj4",
"modified": "2025-06-26T21:31:13Z",
"published": "2025-06-26T21:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5826"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-345"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-X34V-HHV2-P545
Vulnerability from github – Published: 2025-06-06 18:30 – Updated: 2025-06-06 18:30WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the handling of command frames received by the MCU. When parsing frames, the process does not properly detect the start of a frame, which can lead to misinterpretation of input. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26501.
{
"affected": [],
"aliases": [
"CVE-2025-5747"
],
"database_specific": {
"cwe_ids": [
"CWE-115"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-06T16:15:29Z",
"severity": "HIGH"
},
"details": "WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of command frames received by the MCU. When parsing frames, the process does not properly detect the start of a frame, which can lead to misinterpretation of input. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26501.",
"id": "GHSA-x34v-hhv2-p545",
"modified": "2025-06-06T18:30:32Z",
"published": "2025-06-06T18:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5747"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-326"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X8XR-MJ9X-6H7W
Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-18 14:31Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-8jr5-v98p-w75m. This link is maintained to preserve external references.
Original Description
A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "vllm"
},
"ranges": [
{
"events": [
{
"introduced": "0.11.0"
},
{
"last_affected": "0.23.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-115"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-18T14:31:36Z",
"nvd_published_at": "2026-06-17T13:20:04Z",
"severity": "MODERATE"
},
"details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of\u00a0GHSA-8jr5-v98p-w75m. This link is maintained to preserve external references.\n\n## Original Description\nA flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data.",
"id": "GHSA-x8xr-mj9x-6h7w",
"modified": "2026-06-18T14:31:36Z",
"published": "2026-06-17T18:35:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12491"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-12491"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489786"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: image EXIF Rotation \u0026 PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations",
"withdrawn": "2026-06-18T14:31:36Z"
}
GHSA-XHQQ-X44F-9FGG
Vulnerability from github – Published: 2022-02-11 23:58 – Updated: 2021-05-21 21:11Impact
Given a valid SAML Response, it may be possible for an attacker to mutate the XML document in such a way that gosaml2 will trust a different portion of the document than was signed.
Depending on the implementation of the Service Provider this enables a variety of attacks, including users accessing accounts other than the one to which they authenticated in the Identity Provider, or full authentication bypass.
Patches
Service Providers utilizing gosaml2 should upgrade to v0.6.0 or greater.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/russellhaering/gosaml2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-29509"
],
"database_specific": {
"cwe_ids": [
"CWE-115"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-21T21:11:37Z",
"nvd_published_at": "2020-12-14T20:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\nGiven a valid SAML Response, it may be possible for an attacker to mutate the XML document in such a way that gosaml2 will trust a different portion of the document than was signed.\n\nDepending on the implementation of the Service Provider this enables a variety of attacks, including users accessing accounts other than the one to which they authenticated in the Identity Provider, or full authentication bypass.\n\n### Patches\nService Providers utilizing gosaml2 should upgrade to v0.6.0 or greater.",
"id": "GHSA-xhqq-x44f-9fgg",
"modified": "2021-05-21T21:11:37Z",
"published": "2022-02-11T23:58:09Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/russellhaering/gosaml2/security/advisories/GHSA-xhqq-x44f-9fgg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29509"
},
{
"type": "WEB",
"url": "https://github.com/russellhaering/gosaml2/commit/42606dafba60c58c458f14f75c4c230459672ab9"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2021-0060"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210129-0006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Authentication Bypass in github.com/russellhaering/gosaml2"
}
GHSA-XXMH-RF63-QWJV
Vulnerability from github – Published: 2025-07-30 16:40 – Updated: 2025-07-31 11:18Summary
An attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts. By embedding a misleading PACK signature within commit content and carefully constructing the packet structure, the attacker can trick the parser into treating invalid or unintended data as the packfile. Potentially, this would allow bypassing approval or hiding commits.
Details
The affected version of parsePush.ts attempts to locate the Git PACK file by looking for the last occurrence of the string "PACK" in the incoming push payload:
const packStart = buffer.lastIndexOf('PACK');
This assumes that any "PACK" string near the end of the push is the beginning of the actual binary Git packfile. However, Git objects (commits, blobs, etc.) can contain arbitrary content (including the word PACK) in binary or non-compressed blobs.
An attacker could abuse this by: 1. Crafting a custom packfile using low-level Git tools or by manually forging one 2. Placing the string "PACK" inside a commit body or a binary file blob that appears after the real PACK start in the stream.
The parser then ignores the actual push and treats the binary blob/commit body as the PACK file. The actual push contents may violate existing push policies.
PoC
- Make a commit on any branch (example:
test-branch) containing the string "PACK" - Manually generate a custom packfile with both branches using
git pack-objectsor a low-level library/custom script: a) Add the string "PACK" after the real packfile's PACK header in the binary stream - Push using a custom client/raw protocol injection
Impact
Attackers with push access can hide commits from scanning/approval and make changes that bypass policies, potentially inserting unwanted/malicious code into a GitProxy protected repository.
The vulnerability impacts all users or organizations relying on GitProxy to enforce policies and prevent unapproved changes. It requires no elevated privileges beyond regular push access, and no extra user interaction, however, it does require a considerable amount of technical skill and intentional effort to accomplish.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.19.1"
},
"package": {
"ecosystem": "npm",
"name": "@finos/git-proxy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-54584"
],
"database_specific": {
"cwe_ids": [
"CWE-115"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-30T16:40:07Z",
"nvd_published_at": "2025-07-30T20:15:38Z",
"severity": "HIGH"
},
"details": "### Summary\nAn attacker can craft a malicious Git packfile to exploit the PACK signature detection in the `parsePush.ts`. By embedding a misleading PACK signature within commit content and carefully constructing the packet structure, the attacker can trick the parser into treating invalid or unintended data as the packfile. Potentially, this would allow bypassing approval or hiding commits.\n\n### Details\nThe affected version of `parsePush.ts` attempts to locate the Git PACK file by looking for the last occurrence of the string \"PACK\" in the incoming push payload:\n\n```ts\nconst packStart = buffer.lastIndexOf(\u0027PACK\u0027);\n```\n\nThis assumes that any \"PACK\" string near the end of the push is the beginning of the actual binary Git packfile. However, Git objects (commits, blobs, etc.) can contain arbitrary content (including the word PACK) in binary or non-compressed blobs.\n\nAn attacker could abuse this by:\n1. Crafting a custom packfile using low-level Git tools or by manually forging one\n2. Placing the string \"PACK\" inside a commit body or a binary file blob that appears after the real PACK start in the stream.\n\nThe parser then ignores the actual push and treats the binary blob/commit body as the PACK file. The actual push contents may violate existing push policies.\n\n### PoC\n\n1. Make a commit on any branch (example: `test-branch`) containing the string \"PACK\"\n2. Manually generate a custom packfile with both branches using `git pack-objects` or a low-level library/custom script:\n a) Add the string \"PACK\" after the real packfile\u0027s PACK header in the binary stream\n3. Push using a custom client/raw protocol injection\n\n### Impact\n\nAttackers with push access can hide commits from scanning/approval and make changes that bypass policies, potentially inserting unwanted/malicious code into a GitProxy protected repository.\n\nThe vulnerability impacts all users or organizations relying on GitProxy to enforce policies and prevent unapproved changes. It requires no elevated privileges beyond regular push access, and no extra user interaction, however, it does require a considerable amount of technical skill and intentional effort to accomplish.",
"id": "GHSA-xxmh-rf63-qwjv",
"modified": "2025-07-31T11:18:40Z",
"published": "2025-07-30T16:40:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/finos/git-proxy/security/advisories/GHSA-xxmh-rf63-qwjv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54584"
},
{
"type": "WEB",
"url": "https://github.com/finos/git-proxy/commit/333c98a165a5a1ec88414db3d4a2c6f81e083e0f"
},
{
"type": "WEB",
"url": "https://github.com/finos/git-proxy/commit/a620a2f33c39c78e01783a274580bf822af3cc3a"
},
{
"type": "PACKAGE",
"url": "https://github.com/finos/git-proxy"
},
{
"type": "WEB",
"url": "https://github.com/finos/git-proxy/releases/tag/v1.19.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
"type": "CVSS_V4"
}
],
"summary": "GitProxy Backfile Parsing Exploit"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.