CWE-749
AllowedExposed Dangerous Method or Function
Abstraction: Base · Status: Incomplete
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
304 vulnerabilities reference this CWE, most recent first.
GHSA-P3HX-PWF3-J8WR
Vulnerability from github – Published: 2026-05-13 15:31 – Updated: 2026-06-09 10:18Impact
A user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which was not intended to be user-editable. Doing so could cause Nautobot's local clone(s) of the relevant repository to checkout a commit other than the latest commit on the specified branch (resulting in misleading state), or potentially to be unable to make use of the repository at all (until manually remediated) due to the current_head pointing to a nonexistent commit hash or malformed value.
Patches
The issue has been remediated in Nautobot v2.4.33 and 3.1.2.
Workarounds
Note that many of the same end-result symptoms could be caused by a user with the same level of access simply changing the branch or remote_url of a GitRepository rather than crafting the current_head. Administrators are encouraged to carefully review which users are granted permissions to create and modify GitRepository records.
References
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "nautobot"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0a2"
},
{
"fixed": "3.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "nautobot"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.33"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44798"
],
"database_specific": {
"cwe_ids": [
"CWE-471",
"CWE-749"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-13T15:31:04Z",
"nvd_published_at": "2026-05-28T18:16:34Z",
"severity": "HIGH"
},
"details": "### Impact\n\nA user with access to add/change a GitRepository record could use the REST API to directly set the `current_head` field on the record, which was not intended to be user-editable. Doing so could cause Nautobot\u0027s local clone(s) of the relevant repository to checkout a commit other than the latest commit on the specified `branch` (resulting in misleading state), or potentially to be unable to make use of the repository at all (until manually remediated) due to the `current_head` pointing to a nonexistent commit hash or malformed value.\n\n### Patches\n\nThe issue has been remediated in Nautobot v2.4.33 and 3.1.2.\n\n\n### Workarounds\n\nNote that many of the same end-result symptoms could be caused by a user with the same level of access simply changing the `branch` or `remote_url` of a GitRepository rather than crafting the `current_head`. Administrators are encouraged to carefully review which users are granted permissions to create and modify GitRepository records.\n\n\n### References\n\n- 2.4.33 (\u003ca href=\"https://github.com/nautobot/nautobot/commit/9deddfc91ad9260ad17b5e20084e9e2d15be3609\"\u003epatch\u003c/a\u003e)\n- 3.1.2 (\u003ca href=\"https://github.com/nautobot/nautobot/commit/c46f97040b2bde4320be36b23577f19a8bcbd8c3\"\u003epatch\u003c/a\u003e)",
"id": "GHSA-p3hx-pwf3-j8wr",
"modified": "2026-06-09T10:18:49Z",
"published": "2026-05-13T15:31:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-p3hx-pwf3-j8wr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44798"
},
{
"type": "WEB",
"url": "https://github.com/nautobot/nautobot/commit/9deddfc91ad9260ad17b5e20084e9e2d15be3609"
},
{
"type": "WEB",
"url": "https://github.com/nautobot/nautobot/commit/c46f97040b2bde4320be36b23577f19a8bcbd8c3"
},
{
"type": "PACKAGE",
"url": "https://github.com/nautobot/nautobot"
},
{
"type": "WEB",
"url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33"
},
{
"type": "WEB",
"url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
],
"summary": "Nautobot: GitRepository.current_head field should not be writable through REST API"
}
GHSA-P8MH-JV2C-P65G
Vulnerability from github – Published: 2026-05-13 21:32 – Updated: 2026-05-13 21:32Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform.
This issue affects Symmetric Key Agreement Platform: before 26.03.
{
"affected": [],
"aliases": [
"CVE-2026-33583"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-13T19:17:06Z",
"severity": "HIGH"
},
"details": "Exposure of the QKEY (used as \ninput into the \u2018OTA-Quantum\u2019 device registration process) and internal \nsystem keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform.\n\nThis issue affects Symmetric Key Agreement Platform: before 26.03.",
"id": "GHSA-p8mh-jv2c-p65g",
"modified": "2026-05-13T21:32:05Z",
"published": "2026-05-13T21:32:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33583"
},
{
"type": "WEB",
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33583"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P99H-PFG6-QRFG
Vulnerability from github – Published: 2023-12-12 03:31 – Updated: 2024-09-30 18:51Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-6mjg-37cp-42x5. This link is maintained to preserve external references.
Original Description
SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "sap-xssec"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-639",
"CWE-749"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-15T03:18:45Z",
"nvd_published_at": "2023-12-12T02:15:08Z",
"severity": "CRITICAL"
},
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-6mjg-37cp-42x5. This link is maintained to preserve external references.\n\n## Original Description\nSAP\u00a0BTP\u00a0Security Services Integration Library ([Python]\u00a0sap-xssec) - versions \u003c 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.\n\n",
"id": "GHSA-p99h-pfg6-qrfg",
"modified": "2024-09-30T18:51:33Z",
"published": "2023-12-12T03:31:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/SAP/cloud-pysec/security/advisories/GHSA-6mjg-37cp-42x5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50423"
},
{
"type": "WEB",
"url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067"
},
{
"type": "PACKAGE",
"url": "https://github.com/SAP/cloud-pysec"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3411067"
},
{
"type": "WEB",
"url": "https://pypi.org/project/sap-xssec"
},
{
"type": "WEB",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: Privilege escalation in sap-xssec",
"withdrawn": "2024-09-30T18:51:33Z"
}
GHSA-PG27-CWR7-CGQ8
Vulnerability from github – Published: 2023-05-31 15:30 – Updated: 2024-04-04 04:26In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
{
"affected": [],
"aliases": [
"CVE-2023-34227"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-31T14:15:10Z",
"severity": "HIGH"
},
"details": "In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks",
"id": "GHSA-pg27-cwr7-cgq8",
"modified": "2024-04-04T04:26:07Z",
"published": "2023-05-31T15:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34227"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PG7C-4MVG-5FMJ
Vulnerability from github – Published: 2023-09-14 00:30 – Updated: 2023-12-28 18:30The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
{
"affected": [],
"aliases": [
"CVE-2023-23840"
],
"database_specific": {
"cwe_ids": [
"CWE-697",
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-13T23:15:07Z",
"severity": "HIGH"
},
"details": "The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.",
"id": "GHSA-pg7c-4mvg-5fmj",
"modified": "2023-12-28T18:30:32Z",
"published": "2023-09-14T00:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23840"
},
{
"type": "WEB",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm"
},
{
"type": "WEB",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23840"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PHVQ-JRFX-8JHP
Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30PDF-XChange Editor exportAsText Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the exportAsText method. The application exposes a JavaScript interface that allows writing arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19649.
{
"affected": [],
"aliases": [
"CVE-2023-39493"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T03:15:16Z",
"severity": "HIGH"
},
"details": "PDF-XChange Editor exportAsText Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the exportAsText method. The application exposes a JavaScript interface that allows writing arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19649.",
"id": "GHSA-phvq-jrfx-8jhp",
"modified": "2024-05-03T03:30:56Z",
"published": "2024-05-03T03:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39493"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1130"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PHWF-PMC2-5CX4
Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the exportXFAData method. The application exposes a JavaScript interface that allows writing arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19697.
{
"affected": [],
"aliases": [
"CVE-2023-27363"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T02:15:14Z",
"severity": "HIGH"
},
"details": "Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the exportXFAData method. The application exposes a JavaScript interface that allows writing arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19697.",
"id": "GHSA-phwf-pmc2-5cx4",
"modified": "2024-05-03T03:30:49Z",
"published": "2024-05-03T03:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27363"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-491"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PPQ4-8J5Q-QJJX
Vulnerability from github – Published: 2024-06-11 12:31 – Updated: 2024-08-06 15:30A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is allowing HTTP methods like PUT and Delete. This could allow an attacker to modify unauthorized files.
{
"affected": [],
"aliases": [
"CVE-2024-35209"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-11T12:15:17Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions \u003c V1.2). The affected web server is allowing HTTP methods like PUT and Delete. This could allow an attacker to modify unauthorized files.",
"id": "GHSA-ppq4-8j5q-qjjx",
"modified": "2024-08-06T15:30:47Z",
"published": "2024-06-11T12:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35209"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-196737.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PQFH-R9H2-3RX3
Vulnerability from github – Published: 2023-10-25 18:32 – Updated: 2023-11-01 15:33EisBaer Scada - CWE-749: Exposed Dangerous Method or Function
{
"affected": [],
"aliases": [
"CVE-2023-42494"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-25T18:17:31Z",
"severity": "CRITICAL"
},
"details": " EisBaer Scada - CWE-749: Exposed Dangerous Method or Function",
"id": "GHSA-pqfh-r9h2-3rx3",
"modified": "2023-11-01T15:33:29Z",
"published": "2023-10-25T18:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42494"
},
{
"type": "WEB",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PX3X-22XV-F633
Vulnerability from github – Published: 2025-12-24 00:30 – Updated: 2025-12-24 00:30RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27657.
{
"affected": [],
"aliases": [
"CVE-2025-14488"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-23T22:15:49Z",
"severity": "HIGH"
},
"details": "RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27657.",
"id": "GHSA-px3x-22xv-f633",
"modified": "2025-12-24T00:30:15Z",
"published": "2025-12-24T00:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14488"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1167"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
If you must expose a method, make sure to perform input validation on all arguments, limit access to authorized parties, and protect against all possible vulnerabilities.
Mitigation
Strategy: Attack Surface Reduction
- Identify all exposed functionality. Explicitly list all functionality that must be exposed to some user or set of users. Identify which functionality may be:
- Ensure that the implemented code follows these expectations. This includes setting the appropriate access modifiers where applicable (public, private, protected, etc.) or not marking ActiveX controls safe-for-scripting.
- accessible to all users
- restricted to a small set of privileged users
- prevented from being directly accessible at all
CAPEC-500: WebView Injection
An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.