CWE-1289
AllowedImproper Validation of Unsafe Equivalence in Input
Abstraction: Base · Status: Incomplete
The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.
52 vulnerabilities reference this CWE, most recent first.
GHSA-86QP-5C8J-P5MR
Vulnerability from github – Published: 2026-06-04 13:15 – Updated: 2026-07-10 12:31Summary
In affected versions, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header could make request.url.path differ from the path that was actually requested. Middleware and endpoints that apply security restrictions based on request.url (rather than the raw scope path) could therefore be bypassed.
Details
When a client requests http://example.com/foo, it sends:
GET /foo HTTP/1.1
Host: example.com
Affected versions reconstructed the URL by concatenating http://{host}{path} and re-parsing the result. The Host value is only valid as a uri-host [ ":" port ] per RFC 9112 §3.2, where uri-host follows the restricted host grammar of RFC 3986 §3.2.2. When it contains characters outside that grammar - notably /, ?, or # - those characters move the path/query/fragment boundaries during re-parsing, so the parsed request.url.path no longer matches the path the server actually received. For example:
GET /foo HTTP/1.1
Host: example.com/abc?bar=
reconstructs to http://example.com/abc?bar=/foo, whose parsed path is /abc - even though routing used the real path /foo. The router still dispatches to /foo and the endpoint executes, but any middleware or code that reads request.url.path sees /abc, so path-based authorization checks can be bypassed.
Impact
Any application running an affected version that relies on request.url (or request.url.path) for security-sensitive decisions is affected. The most common case is middleware that gates access to certain path prefixes based on request.url.path. Deployments fronted by a proxy or load balancer are mitigated only if that proxy rejects or normalizes the malformed Host header before forwarding and the application does not trust attacker-controlled host headers (e.g. X-Forwarded-Host) elsewhere.
Mitigation
Upgrade to a patched version, which validates the Host header against the grammar of RFC 9112 §3.2 / RFC 3986 §3.2.2 when constructing request.url and falls back to scope["server"] for malformed values.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.0.0"
},
"package": {
"ecosystem": "PyPI",
"name": "starlette"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48710"
],
"database_specific": {
"cwe_ids": [
"CWE-1289",
"CWE-444"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-04T13:15:17Z",
"nvd_published_at": "2026-05-26T22:16:44Z",
"severity": "MODERATE"
},
"details": "### Summary\nIn affected versions, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path while `request.url` is rebuilt from the `Host` header, a malformed header could make `request.url.path` differ from the path that was actually requested. Middleware and endpoints that apply security restrictions based on `request.url` (rather than the raw `scope` path) could therefore be bypassed.\n\n### Details\nWhen a client requests `http://example.com/foo`, it sends:\n\n```http\nGET /foo HTTP/1.1\nHost: example.com\n```\n\nAffected versions reconstructed the URL by concatenating `http://{host}{path}` and re-parsing the result. The `Host` value is only valid as a `uri-host [ \":\" port ]` per [RFC 9112 \u00a73.2](https://www.rfc-editor.org/rfc/rfc9112.html#section-3.2-6), where `uri-host` follows the restricted `host` grammar of [RFC 3986 \u00a73.2.2](https://www.rfc-editor.org/rfc/rfc3986.html#section-3.2.2). When it contains characters outside that grammar - notably `/`, `?`, or `#` - those characters move the path/query/fragment boundaries during re-parsing, so the parsed `request.url.path` no longer matches the path the server actually received. For example:\n\n```http\nGET /foo HTTP/1.1\nHost: example.com/abc?bar=\n```\n\nreconstructs to `http://example.com/abc?bar=/foo`, whose parsed `path` is `/abc` - even though routing used the real path `/foo`. The router still dispatches to `/foo` and the endpoint executes, but any middleware or code that reads `request.url.path` sees `/abc`, so path-based authorization checks can be bypassed.\n\n### Impact\nAny application running an affected version that relies on `request.url` (or `request.url.path`) for security-sensitive decisions is affected. The most common case is middleware that gates access to certain path prefixes based on `request.url.path`. Deployments fronted by a proxy or load balancer are mitigated only if that proxy rejects or normalizes the malformed `Host` header before forwarding and the application does not trust attacker-controlled host headers (e.g. `X-Forwarded-Host`) elsewhere.\n\n### Mitigation\nUpgrade to a patched version, which validates the `Host` header against the grammar of [RFC 9112 \u00a73.2](https://www.rfc-editor.org/rfc/rfc9112.html#section-3.2-6) / [RFC 3986 \u00a73.2.2](https://www.rfc-editor.org/rfc/rfc3986.html#section-3.2.2) when constructing `request.url` and falls back to `scope[\"server\"]` for malformed values.",
"id": "GHSA-86qp-5c8j-p5mr",
"modified": "2026-07-10T12:31:35Z",
"published": "2026-06-04T13:15:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48710"
},
{
"type": "WEB",
"url": "https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6"
},
{
"type": "WEB",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette"
},
{
"type": "WEB",
"url": "https://www.secwest.net/starlette"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48710"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48710.json"
},
{
"type": "WEB",
"url": "https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2026-161.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/Kludex/starlette"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481742"
},
{
"type": "WEB",
"url": "https://badhost.org"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-48710"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37275"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34532"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34526"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34456"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30089"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30088"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26226"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:24866"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23346"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22993"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22992"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks"
}
GHSA-95P8-CCJW-3G7F
Vulnerability from github – Published: 2026-02-11 12:30 – Updated: 2026-02-11 12:30GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI.
{
"affected": [],
"aliases": [
"CVE-2026-1094"
],
"database_specific": {
"cwe_ids": [
"CWE-1289"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T12:16:04Z",
"severity": "MODERATE"
},
"details": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI.",
"id": "GHSA-95p8-ccjw-3g7f",
"modified": "2026-02-11T12:30:22Z",
"published": "2026-02-11T12:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1094"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/3502519"
},
{
"type": "WEB",
"url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/586483"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9RFG-V8G9-9367
Vulnerability from github – Published: 2026-05-26 23:38 – Updated: 2026-06-11 13:30As told on Discord earlier, multiple projects are affected, and we would like to coordinate. For now, we are aiming at a May 6th release date, but this is not set in stone yet.
Summary
An attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its Linked Data Signature, allowing them to alter a third-party signed activity they have received.
Details
The vulnerability essentially boils down to the signature being on the canonical RDF graph representation of the JSON-LD document, and JSON-LD offering many ways to represent the same graph.
One of the issues is that by taking a signed Activity with an embedded object, an attacker can move the top-level Activity to a @graph property and move the activity's object to the top-level. Such a transformation preserves the signature and changes how the payload is interpreted by pretty much all ActivityPub implementations, making them process the object and ignore the formely-top-level activity. This can be used when the graph contains an embedded activity. In Mastodon, that is the case of { "type": "Undo", "object": { "type": "Announce" } }, but other implementations may sign other activities that can be exploited in the same way.
The @reverse keyword can also be used to change the shape of a JSON-LD document without changing the underlying graph, and could be used in a similar way to reverse an Activity and its object.
Another problematic feature is @included, which can be used to “move” properties outside of the normal tree, effectively making them invisible to most ActivityPub implementations, while, again, preserving the signature. This allows removing statuses or actor properties once a signed Create or Update activity is received.
Given that we have seen no use of @graph, @included or @reverse in ActivityPub payloads and that they are very complex to handle correctly (the only JSON-LD API functions that “normalize” @included and @reverse are flattening and framing, which both lose the root node), we have decided to reject them, and recommend you do so as well.
Detection of @graph, @included and @reverse should happen after compacting the incoming activity to your context, as aliases can be used for those keywords.
Additionally, after a quick scan of Fedify's source code, I could not verify that JSON-LD documents with a verified Linked Data Signature were compacted against your local JSON-LD context. Not doing that allows an attacker to rename aliases to non-standard names and use non-mapped aliases to replace existing values, while still leaving the signature intact. This allows an attacker to essentially replace arbitrary portions of any signed JSON-LD document and completely forge any activity while still passing verification. A similar issue was fixed in Mastodon a few years ago: https://github.com/mastodon/mastodon/pull/17426.
Impact
The impact is difficult to assess as this depends on the types of activities that are actually signed and processed in the wild.
The @included keyword allows “removing” arbitrary attributes, thus allowing replaying Create and Update activities while stripping away any attribute, such as content or metadata, which can lead to integrity and availability issues, although confidentiality issues are unlikely.
The @graph and @reverse keywords allow changing the root activity, which in the case of Mastodon allows sending an Announce from a Undo { Announce }, but might have wider consequences depending on what various servers sign.
The lack of compacting can allow rewriting any activity arbitrarily, thus leading to major integrity, availability, and possibly confidentiality issues (e.g. by replacing an actor's inbox).
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@fedify/fedify"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@fedify/fedify"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@fedify/fedify"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@fedify/fedify"
},
"ranges": [
{
"events": [
{
"introduced": "1.10.0"
},
{
"fixed": "1.10.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@fedify/fedify"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42462"
],
"database_specific": {
"cwe_ids": [
"CWE-1289",
"CWE-180",
"CWE-347",
"CWE-436"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-26T23:38:37Z",
"nvd_published_at": "2026-06-10T22:16:57Z",
"severity": "HIGH"
},
"details": "As told on Discord earlier, multiple projects are affected, and we would like to coordinate. For now, we are aiming at a May 6th release date, but this is not set in stone yet.\n\n### Summary\n\nAn attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its Linked Data Signature, allowing them to alter a third-party signed activity they have received.\n\n### Details\n\nThe vulnerability essentially boils down to the signature being on the canonical RDF graph representation of the JSON-LD document, and JSON-LD offering many ways to represent the same graph.\n\nOne of the issues is that by taking a signed `Activity` with an embedded `object`, an attacker can move the top-level `Activity` to a `@graph` property and move the activity\u0027s `object` to the top-level. Such a transformation preserves the signature and changes how the payload is interpreted by pretty much all ActivityPub implementations, making them process the object and ignore the formely-top-level activity. This can be used when the graph contains an embedded activity. In Mastodon, that is the case of `{ \"type\": \"Undo\", \"object\": { \"type\": \"Announce\" } }`, but other implementations may sign other activities that can be exploited in the same way.\n\nThe `@reverse` keyword can also be used to change the shape of a JSON-LD document without changing the underlying graph, and could be used in a similar way to reverse an `Activity` and its `object`.\n\nAnother problematic feature is `@included`, which can be used to \u201cmove\u201d properties outside of the normal tree, effectively making them invisible to most ActivityPub implementations, while, again, preserving the signature. This allows removing statuses or actor properties once a signed `Create` or `Update` activity is received.\n\nGiven that we have seen no use of `@graph`, `@included` or `@reverse` in ActivityPub payloads and that they are very complex to handle correctly (the only JSON-LD API functions that \u201cnormalize\u201d `@included` and `@reverse` are flattening and framing, which both lose the root node), we have decided to reject them, and recommend you do so as well.\n\nDetection of `@graph`, `@included` and `@reverse` should happen after compacting the incoming activity to your context, as aliases can be used for those keywords.\n\nAdditionally, after a quick scan of Fedify\u0027s source code, I could not verify that JSON-LD documents with a verified Linked Data Signature were compacted against your local JSON-LD context. Not doing that allows an attacker to rename aliases to non-standard names and use non-mapped aliases to replace existing values, while still leaving the signature intact. This allows an attacker to essentially replace arbitrary portions of any signed JSON-LD document and completely forge any activity while still passing verification. A similar issue was fixed in Mastodon a few years ago: https://github.com/mastodon/mastodon/pull/17426.\n\n### Impact\n\nThe impact is difficult to assess as this depends on the types of activities that are actually signed and processed in the wild.\n\nThe `@included` keyword allows \u201cremoving\u201d arbitrary attributes, thus allowing replaying `Create` and `Update` activities while stripping away any attribute, such as content or metadata, which can lead to integrity and availability issues, although confidentiality issues are unlikely.\n\nThe `@graph` and `@reverse` keywords allow changing the root activity, which in the case of Mastodon allows sending an `Announce` from a `Undo { Announce }`, but might have wider consequences depending on what various servers sign.\n\nThe lack of compacting can allow rewriting any activity arbitrarily, thus leading to major integrity, availability, and possibly confidentiality issues (e.g. by replacing an actor\u0027s `inbox`).",
"id": "GHSA-9rfg-v8g9-9367",
"modified": "2026-06-11T13:30:30Z",
"published": "2026-05-26T23:38:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/fedify-dev/fedify/security/advisories/GHSA-9rfg-v8g9-9367"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42462"
},
{
"type": "PACKAGE",
"url": "https://github.com/fedify-dev/fedify"
},
{
"type": "WEB",
"url": "https://github.com/fedify-dev/fedify/releases/tag/2.2.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring"
}
GHSA-CRV5-9VWW-Q3G8
Vulnerability from github – Published: 2026-04-22 17:32 – Updated: 2026-04-27 16:32Summary
| Field | Value |
|---|---|
| Severity | Medium |
| Affected | DOMPurify main at 883ac15, introduced in v1.0.10 (7fc196db) |
SAFE_FOR_TEMPLATES strips {{...}} expressions from untrusted HTML. This works in string mode but not with RETURN_DOM or RETURN_DOM_FRAGMENT, allowing XSS via template-evaluating frameworks like Vue 2.
Technical Details
DOMPurify strips template expressions in two passes:
- Per-node — each text node is checked during the tree walk (
purify.ts:1179-1191):
// pass #1: runs on every text node during tree walk
if (SAFE_FOR_TEMPLATES && currentNode.nodeType === NODE_TYPE.text) {
content = currentNode.textContent;
content = content.replace(MUSTACHE_EXPR, ' '); // {{...}} -> ' '
content = content.replace(ERB_EXPR, ' '); // <%...%> -> ' '
content = content.replace(TMPLIT_EXPR, ' '); // ${... -> ' '
currentNode.textContent = content;
}
- Final string scrub — after serialization, the full HTML string is scrubbed again (
purify.ts:1679-1683). This is the safety net that catches expressions that only form after the DOM settles.
The RETURN_DOM path returns before pass #2 ever runs (purify.ts:1637-1661):
// purify.ts (simplified)
if (RETURN_DOM) {
// ... build returnNode ...
return returnNode; // <-- exits here, pass #2 never runs
}
// pass #2: only reached by string-mode callers
if (SAFE_FOR_TEMPLATES) {
serializedHTML = serializedHTML.replace(MUSTACHE_EXPR, ' ');
}
return serializedHTML;
The payload {<foo></foo>{constructor.constructor('alert(1)')()}<foo></foo>} exploits this:
- Parser creates:
TEXT("{")→<foo>→TEXT("{payload}")→<foo>→TEXT("}")— no single node contains{{, so pass #1 misses it <foo>is not allowed, so DOMPurify removes it but keeps surrounding text- The three text nodes are now adjacent —
.outerHTMLreads them as{{payload}}, which Vue 2 compiles and executes
Reproduce
Open the following html in any browser and alert(1) pops up.
<!DOCTYPE html>
<html>
<body>
<script src="https://cdn.jsdelivr.net/npm/dompurify@3.3.3/dist/purify.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/vue@2.7.16/dist/vue.min.js"></script>
<script>
var dirty = '<div id="app">{<foo></foo>{constructor.constructor("alert(1)")()}<foo></foo>}</div>';
var dom = DOMPurify.sanitize(dirty, { SAFE_FOR_TEMPLATES: true, RETURN_DOM: true });
document.body.appendChild(dom.firstChild);
new Vue({ el: '#app' });
</script>
</body>
</html>
Impact
Any application that sanitizes attacker-controlled HTML with SAFE_FOR_TEMPLATES: true and RETURN_DOM: true (or RETURN_DOM_FRAGMENT: true), then mounts the result into a template-evaluating framework, is vulnerable to XSS.
Recommendations
Fix
normalize() merges the split text nodes, then the same regex from the string path catches the expression. Placed before the fragment logic, this fixes both RETURN_DOM and RETURN_DOM_FRAGMENT.
if (RETURN_DOM) {
+ if (SAFE_FOR_TEMPLATES) {
+ body.normalize();
+ let html = body.innerHTML;
+ arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], (expr: RegExp) => {
+ html = stringReplace(html, expr, ' ');
+ });
+ body.innerHTML = html;
+ }
+
if (RETURN_DOM_FRAGMENT) {
returnNode = createDocumentFragment.call(body.ownerDocument);
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "dompurify"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.10"
},
{
"fixed": "3.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41239"
],
"database_specific": {
"cwe_ids": [
"CWE-1289",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T17:32:54Z",
"nvd_published_at": "2026-04-23T16:16:26Z",
"severity": "MODERATE"
},
"details": "## Summary\n\n| Field | Value |\n|:------|:------|\n| **Severity** | Medium |\n| **Affected** | DOMPurify `main` at [`883ac15`](https://github.com/cure53/DOMPurify/tree/883ac15d47f907cb1a3b5a152fe90c4d8c10f9e6), introduced in v1.0.10 ([`7fc196db`](https://github.com/cure53/DOMPurify/commit/7fc196db0b42a0c360262dba0cc39c9c91bfe1ec)) |\n\n`SAFE_FOR_TEMPLATES` strips `{{...}}` expressions from untrusted HTML. This works in string mode but not with `RETURN_DOM` or `RETURN_DOM_FRAGMENT`, allowing XSS via template-evaluating frameworks like Vue 2.\n\n## Technical Details\n\nDOMPurify strips template expressions in two passes:\n\n1. **Per-node** \u2014 each text node is checked during the tree walk ([`purify.ts:1179-1191`](https://github.com/cure53/DOMPurify/blob/883ac15d47f907cb1a3b5a152fe90c4d8c10f9e6/src/purify.ts#L1179-L1191)):\n\n```js\n// pass #1: runs on every text node during tree walk\nif (SAFE_FOR_TEMPLATES \u0026\u0026 currentNode.nodeType === NODE_TYPE.text) {\n content = currentNode.textContent;\n content = content.replace(MUSTACHE_EXPR, \u0027 \u0027); // {{...}} -\u003e \u0027 \u0027\n content = content.replace(ERB_EXPR, \u0027 \u0027); // \u003c%...%\u003e -\u003e \u0027 \u0027\n content = content.replace(TMPLIT_EXPR, \u0027 \u0027); // ${... -\u003e \u0027 \u0027\n currentNode.textContent = content;\n}\n```\n\n2. **Final string scrub** \u2014 after serialization, the full HTML string is scrubbed again ([`purify.ts:1679-1683`](https://github.com/cure53/DOMPurify/blob/883ac15d47f907cb1a3b5a152fe90c4d8c10f9e6/src/purify.ts#L1679-L1683)). This is the safety net that catches expressions that only form after the DOM settles.\n\nThe `RETURN_DOM` path returns before pass #2 ever runs ([`purify.ts:1637-1661`](https://github.com/cure53/DOMPurify/blob/883ac15d47f907cb1a3b5a152fe90c4d8c10f9e6/src/purify.ts#L1637-L1661)):\n\n```js\n// purify.ts (simplified)\n\nif (RETURN_DOM) {\n // ... build returnNode ...\n return returnNode; // \u003c-- exits here, pass #2 never runs\n}\n\n// pass #2: only reached by string-mode callers\nif (SAFE_FOR_TEMPLATES) {\n serializedHTML = serializedHTML.replace(MUSTACHE_EXPR, \u0027 \u0027);\n}\nreturn serializedHTML;\n```\n\nThe payload `{\u003cfoo\u003e\u003c/foo\u003e{constructor.constructor(\u0027alert(1)\u0027)()}\u003cfoo\u003e\u003c/foo\u003e}` exploits this:\n\n1. Parser creates: `TEXT(\"{\")` \u2192 `\u003cfoo\u003e` \u2192 `TEXT(\"{payload}\")` \u2192 `\u003cfoo\u003e` \u2192 `TEXT(\"}\")` \u2014 no single node contains `{{`, so pass #1 misses it\n2. `\u003cfoo\u003e` is not allowed, so DOMPurify removes it but keeps surrounding text\n3. The three text nodes are now adjacent \u2014 `.outerHTML` reads them as `{{payload}}`, which Vue 2 compiles and executes\n\n## Reproduce\n\nOpen the following html in any browser and `alert(1)` pops up.\n\n```html\n\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n\n\u003cbody\u003e\n \u003cscript src=\"https://cdn.jsdelivr.net/npm/dompurify@3.3.3/dist/purify.min.js\"\u003e\u003c/script\u003e\n \u003cscript src=\"https://cdn.jsdelivr.net/npm/vue@2.7.16/dist/vue.min.js\"\u003e\u003c/script\u003e\n \u003cscript\u003e\n var dirty = \u0027\u003cdiv id=\"app\"\u003e{\u003cfoo\u003e\u003c/foo\u003e{constructor.constructor(\"alert(1)\")()}\u003cfoo\u003e\u003c/foo\u003e}\u003c/div\u003e\u0027;\n var dom = DOMPurify.sanitize(dirty, { SAFE_FOR_TEMPLATES: true, RETURN_DOM: true });\n document.body.appendChild(dom.firstChild);\n new Vue({ el: \u0027#app\u0027 });\n \u003c/script\u003e\n\u003c/body\u003e\n\n\u003c/html\u003e\n```\n\n## Impact\n\nAny application that sanitizes attacker-controlled HTML with `SAFE_FOR_TEMPLATES: true` and `RETURN_DOM: true` (or `RETURN_DOM_FRAGMENT: true`), then mounts the result into a template-evaluating framework, is vulnerable to XSS.\n\n## Recommendations\n\n### Fix\n\n`normalize()` merges the split text nodes, then the same regex from the string path catches the expression. Placed before the fragment logic, this fixes both `RETURN_DOM` and `RETURN_DOM_FRAGMENT`.\n\n```diff\n if (RETURN_DOM) {\n+ if (SAFE_FOR_TEMPLATES) {\n+ body.normalize();\n+ let html = body.innerHTML;\n+ arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], (expr: RegExp) =\u003e {\n+ html = stringReplace(html, expr, \u0027 \u0027);\n+ });\n+ body.innerHTML = html;\n+ }\n+\n if (RETURN_DOM_FRAGMENT) {\n returnNode = createDocumentFragment.call(body.ownerDocument);\n```",
"id": "GHSA-crv5-9vww-q3g8",
"modified": "2026-04-27T16:32:12Z",
"published": "2026-04-22T17:32:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-crv5-9vww-q3g8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41239"
},
{
"type": "PACKAGE",
"url": "https://github.com/cure53/DOMPurify"
},
{
"type": "WEB",
"url": "https://github.com/cure53/DOMPurify/releases/tag/3.4.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode"
}
GHSA-FFF7-GX98-VR3G
Vulnerability from github – Published: 2026-06-04 18:30 – Updated: 2026-06-04 21:31Net::CIDR::Set versions through 0.20 for Perl did not validate network masks.
The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One (U+0661), or non-digits, which were ignored. This could allow network masks to accept larger networks.
Leading zeros were also accepted, but treated as decimal instead of octal. This could lead to confusion about what networks are acceptable.
{
"affected": [],
"aliases": [
"CVE-2026-49942"
],
"database_specific": {
"cwe_ids": [
"CWE-1289"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T17:16:33Z",
"severity": "HIGH"
},
"details": "Net::CIDR::Set versions through 0.20 for Perl did not validate network masks.\n\nThe mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One (U+0661), or non-digits, which were ignored. This could allow network masks to accept larger networks.\n\nLeading zeros were also accepted, but treated as decimal instead of octal. This could lead to confusion about what networks are acceptable.",
"id": "GHSA-fff7-gx98-vr3g",
"modified": "2026-06-04T21:31:21Z",
"published": "2026-06-04T18:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40911"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45191"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49942"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/RRWO/Net-CIDR-Set-0.21/changes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-FRQ3-H54X-6725
Vulnerability from github – Published: 2024-08-06 21:30 – Updated: 2024-08-08 15:311Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms.
{
"affected": [],
"aliases": [
"CVE-2024-42218"
],
"database_specific": {
"cwe_ids": [
"CWE-1289"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-06T21:16:03Z",
"severity": "MODERATE"
},
"details": "1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms.",
"id": "GHSA-frq3-h54x-6725",
"modified": "2024-08-08T15:31:28Z",
"published": "2024-08-06T21:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42218"
},
{
"type": "WEB",
"url": "https://app-updates.agilebits.com"
},
{
"type": "WEB",
"url": "https://support.1password.com/kb/202408"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FV83-X2XW-2J55
Vulnerability from github – Published: 2026-04-08 03:32 – Updated: 2026-07-15 12:31When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.
{
"affected": [],
"aliases": [
"CVE-2026-33810"
],
"database_specific": {
"cwe_ids": [
"CWE-1289",
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-08T02:16:03Z",
"severity": "HIGH"
},
"details": "When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.",
"id": "GHSA-fv83-x2xw-2j55",
"modified": "2026-07-15T12:31:45Z",
"published": "2026-04-08T03:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:24478"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25089"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26568"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26571"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26585"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28047"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29854"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34365"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36651"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36796"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39810"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"type": "WEB",
"url": "https://go.dev/cl/763763"
},
{
"type": "WEB",
"url": "https://go.dev/issue/78332"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33810.json"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10155"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13545"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14391"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19135"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19144"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19353"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19719"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19720"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19721"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22485"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22862"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22958"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22959"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22960"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22961"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22962"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/19/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/20/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FW62-67J2-4WMC
Vulnerability from github – Published: 2026-05-10 21:30 – Updated: 2026-05-11 18:31Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass.
Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value.
See also CVE-2026-45190.
{
"affected": [],
"aliases": [
"CVE-2026-45191"
],
"database_specific": {
"cwe_ids": [
"CWE-1289"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-10T21:16:29Z",
"severity": "MODERATE"
},
"details": "Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass.\n\nMask forms like \"/00\" and \"/01\" pass validation and parse to the same prefix as their unpadded value.\n\nSee also CVE-2026-45190.",
"id": "GHSA-fw62-67j2-4wmc",
"modified": "2026-05-11T18:31:43Z",
"published": "2026-05-10T21:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45191"
},
{
"type": "WEB",
"url": "https://github.com/stigtsp/Net-CIDR-Lite/commit/24e2c439ec405e5256024b9acefd4f7008c5ed0c.patch"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/STIGTSP/Net-CIDR-Lite-0.24/changes"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45190"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-GX25-V2F3-PPXQ
Vulnerability from github – Published: 2026-03-17 21:31 – Updated: 2026-03-17 21:31Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of service via a conflicting URL path.
{
"affected": [],
"aliases": [
"CVE-2026-3563"
],
"database_specific": {
"cwe_ids": [
"CWE-1289"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-17T20:16:14Z",
"severity": "MODERATE"
},
"details": "Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of service via a conflicting URL path.",
"id": "GHSA-gx25-v2f3-ppxq",
"modified": "2026-03-17T21:31:45Z",
"published": "2026-03-17T21:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3563"
},
{
"type": "WEB",
"url": "https://devolutions.net/security/advisories/DEVO-2026-0008"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-H6C8-CWW8-35HF
Vulnerability from github – Published: 2026-03-26 17:21 – Updated: 2026-03-27 21:30Description
In OpenFGA, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache key. This can result in OpenFGA reusing an earlier cached result for a different request.
Am I Affected?
Users are affected if the following preconditions are met: 1. The model has relations which rely on condition evaluation. 1. Caching is enabled.
Fix
Upgrade to OpenFGA v1.13.1.
Acknowledgement
OpenFGA would like to thank @Amemoyoi for the discovery and responsible disclosure.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/openfga/openfga"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33729"
],
"database_specific": {
"cwe_ids": [
"CWE-1289",
"CWE-20",
"CWE-345"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-26T17:21:50Z",
"nvd_published_at": "2026-03-27T01:16:20Z",
"severity": "MODERATE"
},
"details": "### Description\nIn OpenFGA, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache key. This can result in OpenFGA reusing an earlier cached result for a different request.\n\n### Am I Affected?\nUsers are affected if the following preconditions are met:\n1. The model has relations which rely on condition evaluation.\n1. Caching is enabled.\n\n### Fix\nUpgrade to OpenFGA v1.13.1.\n\n### Acknowledgement\nOpenFGA would like to thank @Amemoyoi for the discovery and responsible disclosure.",
"id": "GHSA-h6c8-cww8-35hf",
"modified": "2026-03-27T21:30:41Z",
"published": "2026-03-26T17:21:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openfga/openfga/security/advisories/GHSA-h6c8-cww8-35hf"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33729"
},
{
"type": "WEB",
"url": "https://github.com/openfga/openfga/commit/049b50ccd2cc7e163bd897f3d17a7b859ad146f8"
},
{
"type": "PACKAGE",
"url": "https://github.com/openfga/openfga"
},
{
"type": "WEB",
"url": "https://github.com/openfga/openfga/releases/tag/v1.13.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "OpenFGA has an Authorization Bypass through cached keys"
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
No CAPEC attack patterns related to this CWE.