CWE-837
AllowedImproper Enforcement of a Single, Unique Action
Abstraction: Base · Status: Incomplete
The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction.
32 vulnerabilities reference this CWE, most recent first.
GHSA-7WPF-4JWJ-R2V3
Vulnerability from github – Published: 2025-01-02 18:30 – Updated: 2025-11-04 00:32While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by pull request 2636 https://github.com/CTFd/CTFd/pull/2636 included in 3.7.5 release.
{
"affected": [],
"aliases": [
"CVE-2024-11716"
],
"database_specific": {
"cwe_ids": [
"CWE-837"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-02T17:15:07Z",
"severity": "MODERATE"
},
"details": "While assignment of a user to a team (bracket) in\u00a0CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it\u0027s bracket and then pick a new one, joining another team while a competition is already ongoing.\nThis issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by pull request 2636 https://github.com/CTFd/CTFd/pull/2636 \u00a0included in 3.7.5 release.",
"id": "GHSA-7wpf-4jwj-r2v3",
"modified": "2025-11-04T00:32:15Z",
"published": "2025-01-02T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11716"
},
{
"type": "WEB",
"url": "https://github.com/CTFd/CTFd/pull/2636"
},
{
"type": "WEB",
"url": "https://blog.ctfd.io/ctfd-3-7-5"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2025/01/CVE-2024-11716"
},
{
"type": "WEB",
"url": "https://ctfd.io"
},
{
"type": "WEB",
"url": "https://seclists.org/fulldisclosure/2024/Dec/21"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Dec/21"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-8WM9-24QG-M5QJ
Vulnerability from github – Published: 2024-09-03 21:31 – Updated: 2024-09-17 22:22Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-gc7q-jgjv-vjr2. This link is maintained to preserve external references.
Original Description
A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 24.0.3"
},
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "24.0.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-837"
],
"github_reviewed": true,
"github_reviewed_at": "2024-09-03T21:57:40Z",
"nvd_published_at": "2024-09-03T20:15:09Z",
"severity": "MODERATE"
},
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-gc7q-jgjv-vjr2. This link is maintained to preserve external references.\n\n## Original Description\nA vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.",
"id": "GHSA-8wm9-24qg-m5qj",
"modified": "2024-09-17T22:22:26Z",
"published": "2024-09-03T21:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4629"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6493"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6494"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6495"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6497"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6499"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6500"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6501"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-4629"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Duplicate Advisory: Keycloak has a brute force login protection bypass",
"withdrawn": "2024-09-17T22:22:26Z"
}
GHSA-9W6G-7JPW-87HF
Vulnerability from github – Published: 2025-01-02 18:30 – Updated: 2025-11-04 00:32Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to change user's password and take over the account. Moreover, the tokens also include base64 encoded user email.
This issue impacts releases up to 3.7.4 and was addressed by pull request 2679 https://github.com/CTFd/CTFd/pull/2679 included in 3.7.5 release.
{
"affected": [],
"aliases": [
"CVE-2024-11717"
],
"database_specific": {
"cwe_ids": [
"CWE-837"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-02T17:15:07Z",
"severity": "MODERATE"
},
"details": "Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to change user\u0027s password and take over the account.\u00a0Moreover, the tokens also include base64 encoded user email.\n\nThis issue impacts releases up to 3.7.4 and was addressed by pull request 2679 https://github.com/CTFd/CTFd/pull/2679 \u00a0included in 3.7.5 release.",
"id": "GHSA-9w6g-7jpw-87hf",
"modified": "2025-11-04T00:32:15Z",
"published": "2025-01-02T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11717"
},
{
"type": "WEB",
"url": "https://github.com/CTFd/CTFd/pull/2679"
},
{
"type": "WEB",
"url": "https://blog.ctfd.io/ctfd-3-7-5"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2025/01/CVE-2024-11716"
},
{
"type": "WEB",
"url": "https://ctfd.io"
},
{
"type": "WEB",
"url": "https://seclists.org/fulldisclosure/2024/Dec/21"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Dec/21"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-FC55-XRCV-X657
Vulnerability from github – Published: 2026-05-07 06:31 – Updated: 2026-05-07 06:31Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.
{
"affected": [],
"aliases": [
"CVE-2026-44601"
],
"database_specific": {
"cwe_ids": [
"CWE-837"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-07T04:16:35Z",
"severity": "LOW"
},
"details": "Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.",
"id": "GHSA-fc55-xrcv-x657",
"modified": "2026-05-07T06:31:42Z",
"published": "2026-05-07T06:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44601"
},
{
"type": "WEB",
"url": "https://forum.torproject.org/c/news/tor-release-announcement/28"
},
{
"type": "WEB",
"url": "https://gitlab.torproject.org/tpo/core/tor/-/commit/d4e3f6a440b58c2be661decf20c09548704907dc"
},
{
"type": "WEB",
"url": "https://gitlab.torproject.org/tpo/core/tor/-/work_items/41237"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2026/05/06/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-GC7Q-JGJV-VJR2
Vulnerability from github – Published: 2024-09-17 22:29 – Updated: 2024-09-17 22:29If an attacker launches many login attempts in parallel then the attacker can have more guesses at a password than the brute force protection configuration permits. This is due to the brute force check occurring before the brute force protector has locked the user.
Acknowledgements: Special thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "22.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "23.0.0"
},
{
"fixed": "24.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "25.0.0"
},
{
"fixed": "25.0.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-4629"
],
"database_specific": {
"cwe_ids": [
"CWE-307",
"CWE-837"
],
"github_reviewed": true,
"github_reviewed_at": "2024-09-17T22:29:01Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "If an attacker launches many login attempts in parallel then the attacker can have more guesses at a password than the brute force protection configuration permits. This is due to the brute force check occurring before the brute force protector has locked the user.\n\n**Acknowledgements:**\nSpecial thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.",
"id": "GHSA-gc7q-jgjv-vjr2",
"modified": "2024-09-17T22:29:01Z",
"published": "2024-09-17T22:29:01Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4629"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-4629"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6501"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6500"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6499"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6497"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6495"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6494"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6493"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Keycloak Services has a potential bypass of brute force protection"
}
GHSA-HR3W-F8MH-X6JR
Vulnerability from github – Published: 2023-12-13 15:30 – Updated: 2023-12-13 15:30A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the component Love Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247887.
{
"affected": [],
"aliases": [
"CVE-2023-6759"
],
"database_specific": {
"cwe_ids": [
"CWE-837"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-13T15:15:08Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the component Love Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247887.",
"id": "GHSA-hr3w-f8mh-x6jr",
"modified": "2023-12-13T15:30:58Z",
"published": "2023-12-13T15:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6759"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.247887"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.247887"
},
{
"type": "WEB",
"url": "http://39.106.130.187/Icecms.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J8G5-8X38-5XQP
Vulnerability from github – Published: 2025-10-02 21:31 – Updated: 2025-10-02 21:31The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness.
{
"affected": [],
"aliases": [
"CVE-2025-54315"
],
"database_specific": {
"cwe_ids": [
"CWE-837"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-02T19:15:31Z",
"severity": "HIGH"
},
"details": "The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness.",
"id": "GHSA-j8g5-8x38-5xqp",
"modified": "2025-10-02T21:31:19Z",
"published": "2025-10-02T21:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54315"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/matrix-spec/releases/tag/v1.16"
},
{
"type": "WEB",
"url": "https://matrix.org/blog/2025/08/project-hydra-improving-state-res"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-QWF9-CH8Q-FHX3
Vulnerability from github – Published: 2023-11-30 18:31 – Updated: 2023-11-30 18:31A vulnerability classified as problematic has been found in IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246438 is the identifier assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-6438"
],
"database_specific": {
"cwe_ids": [
"CWE-837"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-30T17:15:13Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as problematic has been found in IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246438 is the identifier assigned to this vulnerability.",
"id": "GHSA-qwf9-ch8q-fhx3",
"modified": "2023-11-30T18:31:18Z",
"published": "2023-11-30T18:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6438"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.246438"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.246438"
},
{
"type": "WEB",
"url": "http://124.71.147.32:8082"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RFGJ-C5JH-9W59
Vulnerability from github – Published: 2025-09-10 00:31 – Updated: 2025-09-10 00:31Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.
{
"affected": [],
"aliases": [
"CVE-2025-58135"
],
"database_specific": {
"cwe_ids": [
"CWE-837"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T22:15:34Z",
"severity": "MODERATE"
},
"details": "Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.",
"id": "GHSA-rfgj-c5jh-9w59",
"modified": "2025-09-10T00:31:01Z",
"published": "2025-09-10T00:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58135"
},
{
"type": "WEB",
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25036"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RGVH-4M82-FVJQ
Vulnerability from github – Published: 2025-10-27 20:12 – Updated: 2025-10-27 22:32Impact
Any plugin using the GuiStorageElement is impacted when used on a server which allows the (currently experimental) Bundle items.
Patches
Patched with https://github.com/Phoenix616/InventoryGui/commit/00e684bd689ebc60bcb5b83ce4ef3c5a01778494 ("backported" to 1.6.3-SNAPSHOT)
Update to 1.6.4-SNAPSHOT to guarantee that it's included!
Workarounds
Don't enable the experiment "Bundle" items or don't use the GuiStorageElement in GUIs.
References
Original issue: https://github.com/Phoenix616/InventoryGui/issues/51
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.6.3-SNAPSHOT"
},
"package": {
"ecosystem": "Maven",
"name": "de.themoep:inventorygui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.4-SNAPSHOT"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-62782"
],
"database_specific": {
"cwe_ids": [
"CWE-837"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-27T20:12:50Z",
"nvd_published_at": "2025-10-27T21:15:38Z",
"severity": "MODERATE"
},
"details": "### Impact\nAny plugin using the GuiStorageElement is impacted when used on a server which allows the (currently experimental) Bundle items.\n\n### Patches\nPatched with https://github.com/Phoenix616/InventoryGui/commit/00e684bd689ebc60bcb5b83ce4ef3c5a01778494 (\"backported\" to 1.6.3-SNAPSHOT)\n\nUpdate to 1.6.4-SNAPSHOT to guarantee that it\u0027s included!\n\n### Workarounds\nDon\u0027t enable the experiment \"Bundle\" items or don\u0027t use the GuiStorageElement in GUIs.\n\n### References\nOriginal issue: https://github.com/Phoenix616/InventoryGui/issues/51",
"id": "GHSA-rgvh-4m82-fvjq",
"modified": "2025-10-27T22:32:04Z",
"published": "2025-10-27T20:12:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Phoenix616/InventoryGui/security/advisories/GHSA-rgvh-4m82-fvjq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62782"
},
{
"type": "WEB",
"url": "https://github.com/Phoenix616/InventoryGui/issues/51"
},
{
"type": "WEB",
"url": "https://github.com/Phoenix616/InventoryGui/commit/00e684bd689ebc60bcb5b83ce4ef3c5a01778494"
},
{
"type": "PACKAGE",
"url": "https://github.com/Phoenix616/InventoryGui"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:L/SC:N/SI:L/SA:L",
"type": "CVSS_V4"
}
],
"summary": "InventoryGui allows item duplication with experimental \"Bundle\" item in GUIs which use GuiStorageElement"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.