Common Weakness Enumeration

CWE-358

Allowed

Improperly Implemented Security Check for Standard

Abstraction: Base · Status: Draft

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

197 vulnerabilities reference this CWE, most recent first.

GHSA-CV2C-4QF9-J5CW

Vulnerability from github – Published: 2023-06-13 18:30 – Updated: 2024-04-04 04:47
VLAI
Details

Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-28601"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-13T18:15:21Z",
    "severity": "MODERATE"
  },
  "details": "Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability.  A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client.",
  "id": "GHSA-cv2c-4qf9-j5cw",
  "modified": "2024-04-04T04:47:40Z",
  "published": "2023-06-13T18:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28601"
    },
    {
      "type": "WEB",
      "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CW94-F4VJ-5VXM

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:27
VLAI
Details

cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-10825"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-01T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).",
  "id": "GHSA-cw94-f4vj-5vxm",
  "modified": "2024-04-04T01:27:38Z",
  "published": "2022-05-24T16:52:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10825"
    },
    {
      "type": "WEB",
      "url": "https://documentation.cpanel.net/display/CL/56+Change+Log"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CWC7-2FMX-FFFQ

Vulnerability from github – Published: 2026-03-19 18:31 – Updated: 2026-04-29 21:31
VLAI
Details

In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-2645"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-19T18:16:22Z",
    "severity": "MODERATE"
  },
  "details": "In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.",
  "id": "GHSA-cwc7-2fmx-fffq",
  "modified": "2026-04-29T21:31:19Z",
  "published": "2026-03-19T18:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2645"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfSSL/wolfssl/pull/9694"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CWWM-HR97-QFXM

Vulnerability from github – Published: 2025-06-06 21:41 – Updated: 2025-06-10 19:58
VLAI
Summary
SpiceDB checks involving relations with caveats can result in no permission when permission is expected
Details

Impact

On schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected.

For example, given this schema:

definition user {}

definition office {
    relation parent: office
    relation manager: user
    permission read = manager + parent->read
}

definition group {
    relation parent: office
    permission read = parent->read
}

definition document {
    relation owner: group with equals
    permission read = owner->read
}

caveat equals(actual string, required string) {
    actual == required
}

and these relationships:

office:headoffice#manager@user:maria
office:branch1#parent@office:headoffice
group:admins#parent@office:branch1
group:managers#parent@office:headoffice
document:budget#owner@group:admins[equals:{"required":"admin"}]
document:budget#owner@group:managers[equals:{"required":"manager"}]

Permission for 'document:budget#read@user:maria with {"actual" : "admin"}' is returned as NO_PERMISSION when HAS_PERMISSION is the correct answer.

Patches

Upgrade to v1.44.2.

Workarounds

Do not use caveats in your schema over an arrow’ed relation.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.44.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/authzed/spicedb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.44.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-49011"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-06T21:41:00Z",
    "nvd_published_at": "2025-06-06T18:15:35Z",
    "severity": "LOW"
  },
  "details": "### Impact\n\nOn schemas involving arrows with caveats on the arrow\u2019ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected.\n\nFor example, given this schema:\n\n```\ndefinition user {}\n\ndefinition office {\n\trelation parent: office\n\trelation manager: user\n\tpermission read = manager + parent-\u003eread\n}\n\ndefinition group {\n\trelation parent: office\n\tpermission read = parent-\u003eread\n}\n\ndefinition document {\n\trelation owner: group with equals\n\tpermission read = owner-\u003eread\n}\n\ncaveat equals(actual string, required string) {\n\tactual == required\n}\n```\n\nand these relationships:\n\n```\noffice:headoffice#manager@user:maria\noffice:branch1#parent@office:headoffice\ngroup:admins#parent@office:branch1\ngroup:managers#parent@office:headoffice\ndocument:budget#owner@group:admins[equals:{\"required\":\"admin\"}]\ndocument:budget#owner@group:managers[equals:{\"required\":\"manager\"}]\n```\n\nPermission for `\u0027document:budget#read@user:maria with {\"actual\" : \"admin\"}\u0027` is returned as NO_PERMISSION when HAS_PERMISSION is the correct answer.\n\n### Patches\nUpgrade to v1.44.2.\n\n### Workarounds\nDo not use caveats in your schema over an arrow\u2019ed relation.",
  "id": "GHSA-cwwm-hr97-qfxm",
  "modified": "2025-06-10T19:58:49Z",
  "published": "2025-06-06T21:41:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/authzed/spicedb/security/advisories/GHSA-cwwm-hr97-qfxm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49011"
    },
    {
      "type": "WEB",
      "url": "https://github.com/authzed/spicedb/commit/fe8dd9f491f6975b3408c401e413a530eb181a67"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/authzed/spicedb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/authzed/spicedb/releases/tag/v1.44.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SpiceDB checks involving relations with caveats can result in no permission when permission is expected"
}

GHSA-F5H4-WMP5-XHG6

Vulnerability from github – Published: 2023-06-30 20:29 – Updated: 2023-12-21 16:40
VLAI
Summary
Client Spoofing within the Keycloak Device Authorisation Grant
Details

Under certain pre-conditions the vulnerability allows an attacker to spoof parts of the device flow and use a device_code to retrieve an access token for other OAuth clients.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "21.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-server-spi-private"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "21.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-2585"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-30T20:29:25Z",
    "nvd_published_at": "2023-12-21T10:15:34Z",
    "severity": "LOW"
  },
  "details": "Under certain pre-conditions the vulnerability allows an attacker to spoof parts of the device flow and use a device_code to retrieve an access token for other OAuth clients.",
  "id": "GHSA-f5h4-wmp5-xhg6",
  "modified": "2023-12-21T16:40:05Z",
  "published": "2023-06-30T20:29:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-f5h4-wmp5-xhg6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2585"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/commit/04e6244c387a1bde86184635a0049537611e3915"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:3883"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:3884"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:3885"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:3888"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:3892"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-2585"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196335"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Client Spoofing within the Keycloak Device Authorisation Grant"
}

GHSA-F65R-H4G3-3H9H

Vulnerability from github – Published: 2026-06-26 20:34 – Updated: 2026-06-26 20:34
VLAI
Summary
Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication
Details

Summary

In backpropagate >= 1.1.0, the optional Reflex web UI (pip install backpropagate[ui], launched via backprop ui) exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push.

The CLI accepts two operator-facing flags intended as security controls:

  • --auth user:pass — documented as "require HTTP Basic authentication on every request to the UI."
  • --share — documented as "expose the UI on a public address; requires --auth."

When --auth user:pass is passed, the CLI prints Auth: enabled (user: <username>) to confirm to the operator that authentication is active, then exports BACKPROPAGATE_UI_AUTH=user:pass to the subprocess that launches the Reflex backend.

The Reflex backend (backpropagate/ui_app/**) never reads BACKPROPAGATE_UI_AUTH. No authentication middleware is registered. No request-level guard runs. No WebSocket upgrade guard runs. Any client that reaches the bound port — local or remote, depending on whether --share is used — has full UI access.

An inline comment at backpropagate/cli.py:1217-1218 in the v1.1.0 source documents the gap: "For Phase 1 the variable is exported but Reflex doesn't read it yet." This comment was internal-facing; the user-facing documentation (README, CHANGELOG, SHIP_GATE) advertised the contract as enforced.

This advisory is filed primarily because the runtime contradicted an operator-facing security claim. Code-only bugs of comparable shape (auth check missing entirely from a path) would already warrant disclosure; the additional false-promise dimension raises the severity.

Impact

An attacker who reaches the bound port can:

  • Read uploaded datasets rendered in the UI preview, including content of any JSONL/CSV/TXT file the legitimate operator has uploaded for fine-tuning.
  • Trigger arbitrary training runs against any base model the operator has installed locally or that can be downloaded from HuggingFace.
  • Trigger HuggingFace Hub pushes to repositories named via the UI input (subject to the operator's local HF token's scope — typically all repos owned by the operator).
  • Cause disk-fill DoS via the rx.upload endpoint (no size cap, no extension filter, no per-session count cap in v1.1.0 / v1.1.1).
  • Read model paths (source_model_path, dataset_path, model, uploaded_path) which are user-supplied and bypass the safe_path() helper that lives in backpropagate/ui_security.py (path validation is dead code on the Reflex surface in v1.1.0 / v1.1.1).

The combination of unauthenticated training control, HF push target spoofing, and path-input traversal makes the affected endpoint suitable for both data exfiltration (reading uploaded training data) and supply-chain attacks (pushing tampered model weights to the operator's HF account).

The local-only default (no --share) reduces exposure to a host-local attacker. The --share flag is documented as a "public URL" feature; operators who used --share --auth user:pass had no warning that the auth half was inert.

Patches

Fixed in v1.2.0 (released 2026-05-23). The patch implements real ASGI middleware via rx.App(api_transformer=basic_auth_transformer) that gates HTTP routes AND the /_event WebSocket upgrade. Four modes (no_auth_local_only / token_auto / explicit_creds / production), HMAC-signed cookie validated PRE-websocket.accept(), Host + Origin allowlists. The middleware ships alongside a 4-layer defense in depth at the cli.py / ui_app/app.py / rxconfig.py / env-strip surfaces so direct python -m reflex run invocations (bypassing the CLI guard) also enforce authentication.

Upgrade with:

  • pip: pip install --upgrade backpropagate
  • npm: npm install -g @mcptoolshop/backpropagate@latest

Full release notes: https://github.com/mcp-tool-shop-org/backpropagate/blob/main/CHANGELOG.md#120---2026-05-23

Workarounds

If users cannot upgrade immediately:

  1. Do not pass --auth or --share to backprop ui. Run the UI with no flags (backprop ui); it will bind to localhost and accept any client that can reach 127.0.0.1.
  2. For remote access, use SSH port-forwarding instead of --share: # On the client: ssh -L 7860:localhost:7860 <training-host> # On the server: backprop ui # no --share # Then open http://localhost:7860 in your local browser. SSH provides the authentication layer the Reflex UI did not.
  3. Audit existing deployments. If any host running backpropagate >= 1.1.0 has previously been launched with --share, treat any uploaded training data, model paths, or HF push targets visible in that UI session as potentially exposed. Re-issue HF tokens that have been in use during such sessions.

Binary distribution gap. Standalone binaries (Windows .exe / macOS .app via PyInstaller) failed to build for v1.2.0 and will land in a follow-up patch release. In the interim, users who relied on the v1.1.x binary distribution should install the patched version via pip install backpropagate==1.2.0 to receive the auth-bypass fix. The v1.2.0 PyPI package and @mcptoolshop/backpropagate@1.2.0 npm package both carry the patched code.

Credit

Discovered by the dogfood-swarm Stage A audit on 2026-05-22 (finding ID FRONTEND-A-001, classified CRITICAL). The audit also surfaced contradicting documentation in CHANGELOG / SHIP_GATE / README; those were corrected in v1.2.0 alongside the runtime fix.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "backpropagate"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.1.0"
            },
            {
              "fixed": "1.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@mcptoolshop/backpropagate"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.1.0"
            },
            {
              "fixed": "1.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-48797"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1295",
      "CWE-358",
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-26T20:34:29Z",
    "nvd_published_at": "2026-06-17T13:20:43Z",
    "severity": "CRITICAL"
  },
  "details": "## Summary\n\nIn `backpropagate \u003e= 1.1.0`, the optional Reflex web UI (`pip install backpropagate[ui]`, launched via `backprop ui`) exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push.\n\nThe CLI accepts two operator-facing flags intended as security controls:\n\n- `--auth user:pass` \u2014 documented as \"require HTTP Basic authentication on every request to the UI.\"\n- `--share` \u2014 documented as \"expose the UI on a public address; requires `--auth`.\"\n\nWhen `--auth user:pass` is passed, the CLI prints `Auth: enabled (user: \u003cusername\u003e)` to confirm to the operator that authentication is active, then exports `BACKPROPAGATE_UI_AUTH=user:pass` to the subprocess that launches the Reflex backend.\n\n**The Reflex backend (`backpropagate/ui_app/**`) never reads `BACKPROPAGATE_UI_AUTH`.** No authentication middleware is registered. No request-level guard runs. No WebSocket upgrade guard runs. Any client that reaches the bound port \u2014 local or remote, depending on whether `--share` is used \u2014 has full UI access.\n\nAn inline comment at `backpropagate/cli.py:1217-1218` in the v1.1.0 source documents the gap: *\"For Phase 1 the variable is exported but Reflex doesn\u0027t read it yet.\"* This comment was internal-facing; the user-facing documentation (README, CHANGELOG, SHIP_GATE) advertised the contract as enforced.\n\nThis advisory is filed primarily because the runtime contradicted an operator-facing security claim. Code-only bugs of comparable shape (auth check missing entirely from a path) would already warrant disclosure; the additional false-promise dimension raises the severity.\n\n## Impact\n\nAn attacker who reaches the bound port can:\n\n- **Read uploaded datasets** rendered in the UI preview, including content of any JSONL/CSV/TXT file the legitimate operator has uploaded for fine-tuning.\n- **Trigger arbitrary training runs** against any base model the operator has installed locally or that can be downloaded from HuggingFace.\n- **Trigger HuggingFace Hub pushes** to repositories named via the UI input (subject to the operator\u0027s local HF token\u0027s scope \u2014 typically all repos owned by the operator).\n- **Cause disk-fill DoS** via the `rx.upload` endpoint (no size cap, no extension filter, no per-session count cap in v1.1.0 / v1.1.1).\n- **Read model paths** (`source_model_path`, `dataset_path`, `model`, `uploaded_path`) which are user-supplied and bypass the `safe_path()` helper that lives in `backpropagate/ui_security.py` (path validation is dead code on the Reflex surface in v1.1.0 / v1.1.1).\n\nThe combination of unauthenticated training control, HF push target spoofing, and path-input traversal makes the affected endpoint suitable for both data exfiltration (reading uploaded training data) and supply-chain attacks (pushing tampered model weights to the operator\u0027s HF account).\n\nThe local-only default (no `--share`) reduces exposure to a host-local attacker. The `--share` flag is documented as a \"public URL\" feature; operators who used `--share --auth user:pass` had no warning that the auth half was inert.\n\n## Patches\n\nFixed in **v1.2.0** (released 2026-05-23). The patch implements real ASGI middleware via `rx.App(api_transformer=basic_auth_transformer)` that gates HTTP routes AND the `/_event` WebSocket upgrade. Four modes (`no_auth_local_only` / `token_auto` / `explicit_creds` / `production`), HMAC-signed cookie validated PRE-`websocket.accept()`, Host + Origin allowlists. The middleware ships alongside a 4-layer defense in depth at the cli.py / ui_app/app.py / rxconfig.py / env-strip surfaces so direct `python -m reflex run` invocations (bypassing the CLI guard) also enforce authentication.\n\nUpgrade with:\n\n- pip: `pip install --upgrade backpropagate`\n- npm: `npm install -g @mcptoolshop/backpropagate@latest`\n\nFull release notes: https://github.com/mcp-tool-shop-org/backpropagate/blob/main/CHANGELOG.md#120---2026-05-23\n\n## Workarounds\n\nIf users cannot upgrade immediately:\n\n1. **Do not pass `--auth` or `--share` to `backprop ui`.** Run the UI with no flags (`backprop ui`); it will bind to `localhost` and accept any client that can reach `127.0.0.1`.\n2. **For remote access, use SSH port-forwarding** instead of `--share`:\n   ```\n   # On the client:\n   ssh -L 7860:localhost:7860 \u003ctraining-host\u003e\n   # On the server:\n   backprop ui            # no --share\n   # Then open http://localhost:7860 in your local browser.\n   ```\n   SSH provides the authentication layer the Reflex UI did not.\n3. **Audit existing deployments.** If any host running `backpropagate \u003e= 1.1.0` has previously been launched with `--share`, treat any uploaded training data, model paths, or HF push targets visible in that UI session as potentially exposed. Re-issue HF tokens that have been in use during such sessions.\n\n**Binary distribution gap.** Standalone binaries (Windows .exe / macOS .app via PyInstaller) failed to build for v1.2.0 and will land in a follow-up patch release. In the interim, users who relied on the v1.1.x binary distribution should install the patched version via `pip install backpropagate==1.2.0` to receive the auth-bypass fix. The v1.2.0 PyPI package and `@mcptoolshop/backpropagate@1.2.0` npm package both carry the patched code.\n\n## Credit\n\nDiscovered by the dogfood-swarm Stage A audit on 2026-05-22 (finding ID `FRONTEND-A-001`, classified CRITICAL). The audit also surfaced contradicting documentation in CHANGELOG / SHIP_GATE / README; those were corrected in v1.2.0 alongside the runtime fix.",
  "id": "GHSA-f65r-h4g3-3h9h",
  "modified": "2026-06-26T20:34:29Z",
  "published": "2026-06-26T20:34:29Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mcp-tool-shop-org/backpropagate/security/advisories/GHSA-f65r-h4g3-3h9h"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48797"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mcp-tool-shop-org/backpropagate"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mcp-tool-shop-org/backpropagate/releases/tag/v1.2.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication"
}

GHSA-FFF2-PWCG-X73M

Vulnerability from github – Published: 2024-04-17 09:30 – Updated: 2024-04-23 18:30
VLAI
Details

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-3838"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T08:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)",
  "id": "GHSA-fff2-pwcg-x73m",
  "modified": "2024-04-23T18:30:39Z",
  "published": "2024-04-17T09:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3838"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/328278717"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FG37-647W-PGRP

Vulnerability from github – Published: 2023-01-11 09:30 – Updated: 2023-01-19 00:30
VLAI
Details

Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-26328"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-11T08:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests.",
  "id": "GHSA-fg37-647w-pgrp",
  "modified": "2023-01-19T00:30:31Z",
  "published": "2023-01-11T09:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26328"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FJ5Q-23V3-V8R6

Vulnerability from github – Published: 2022-05-14 03:47 – Updated: 2022-05-14 03:47
VLAI
Details

In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15664"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-10T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121.",
  "id": "GHSA-fj5q-23v3-v8r6",
  "modified": "2022-05-14T03:47:21Z",
  "published": "2022-05-14T03:47:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15664"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/43453"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/145760/Sync-Breeze-Enterprise-10.1.16-Denial-Of-Service.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G4RJ-2PVR-77XV

Vulnerability from github – Published: 2024-04-05 21:32 – Updated: 2024-04-05 21:32
VLAI
Details

An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23592"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-05T21:15:08Z",
    "severity": "MODERATE"
  },
  "details": "An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication.",
  "id": "GHSA-g4rj-2pvr-77xv",
  "modified": "2024-04-05T21:32:45Z",
  "published": "2024-04-05T21:32:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23592"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-155804"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.