diff --git a/advisories/unreviewed/2024/12/GHSA-787v-v9vq-4rgv/GHSA-787v-v9vq-4rgv.json b/advisories/github-reviewed/2024/12/GHSA-787v-v9vq-4rgv/GHSA-787v-v9vq-4rgv.json
similarity index 59%
rename from advisories/unreviewed/2024/12/GHSA-787v-v9vq-4rgv/GHSA-787v-v9vq-4rgv.json
rename to advisories/github-reviewed/2024/12/GHSA-787v-v9vq-4rgv/GHSA-787v-v9vq-4rgv.json
index 67233c8bc5c19..7c72f7673239d 100644
--- a/advisories/unreviewed/2024/12/GHSA-787v-v9vq-4rgv/GHSA-787v-v9vq-4rgv.json
+++ b/advisories/github-reviewed/2024/12/GHSA-787v-v9vq-4rgv/GHSA-787v-v9vq-4rgv.json
@@ -1,27 +1,56 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-787v-v9vq-4rgv",
- "modified": "2024-12-12T15:31:09Z",
+ "modified": "2024-12-12T19:23:21Z",
 "published": "2024-12-12T15:31:09Z",
 "aliases": [
 "CVE-2024-55633"
 ],
+ "summary": "Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access",
 "details": "Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgres analytics database connections set with a readonly user (advised) are not vulnerable. \n\nThis issue affects Apache Superset: before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue.",
 "severity": [
 {
 "type": "CVSS_V4",
- "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "apache-superset"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "4.1.0"
+ }
+ ]
+ }
+ ]
 }
 ],
- "affected": [],
 "references": [
 {
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55633"
 },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/apache/superset"
+ },
 {
 "type": "WEB",
 "url": "https://lists.apache.org/thread/bwmd17fcvljt9q4cgctp4v09zh3qs7fb"
+ },
+ {
+ "type": "WEB",
+ "url": "http://www.openwall.com/lists/oss-security/2024/12/12/1"
 }
 ],
 "database_specific": {
@@ -29,8 +58,8 @@
 "CWE-285"
 ],
 "severity": "HIGH",
- "github_reviewed": false,
- "github_reviewed_at": null,
+ "github_reviewed": true,
+ "github_reviewed_at": "2024-12-12T19:23:21Z",
 "nvd_published_at": "2024-12-12T15:15:17Z"
 }
 }
\ No newline at end of file
diff --git a/advisories/github-reviewed/2024/12/GHSA-7mj5-hjjj-8rgw/GHSA-7mj5-hjjj-8rgw.json b/advisories/github-reviewed/2024/12/GHSA-7mj5-hjjj-8rgw/GHSA-7mj5-hjjj-8rgw.json
new file mode 100644
index 0000000000000..c7e9c5766258e
--- /dev/null
+++ b/advisories/github-reviewed/2024/12/GHSA-7mj5-hjjj-8rgw/GHSA-7mj5-hjjj-8rgw.json
@@ -0,0 +1,89 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-7mj5-hjjj-8rgw",
+ "modified": "2024-12-12T19:22:01Z",
+ "published": "2024-12-12T19:22:01Z",
+ "aliases": [
+ "CVE-2024-55875"
+ ],
+ "summary": "http4k has a potential XXE (XML External Entity Injection) vulnerability",
+ "details": "### Summary\n_Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server._\n\nThere is a potential XXE(XML External Entity Injection) vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server, trigger Server-side Request Forgery and even execute code under some circumstances.\n\n### Details\n_Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer._\nhttps://github.com/http4k/http4k/blob/25696dff2d90206cc1da42f42a1a8dbcdbcdf18c/core/format/xml/src/main/kotlin/org/http4k/format/Xml.kt#L42-L46\nXML contents is parsed with DocumentBuilder without security settings on or external entity enabled\n\n### PoC\n_Complete instructions, including specific configuration details, to reproduce the vulnerability._\n#### Example Vulnerable server code:\n```\nimport org.http4k.core.*\nimport org.http4k.format.Xml.xml\nimport org.http4k.server.Netty\nimport org.http4k.server.asServer\nimport org.w3c.dom.Document\n\nfun main() {\n\n val xmlLens = Body.xml().toLens()\n\n // Create an HTTP handler\n val app: HttpHandler = { request ->\n try {\n // Parse the incoming XML payload to a Document object\n val xmlDocument: Document = xmlLens(request)\n\n // Extract root element name or other details from the XML\n val rootElementName = xmlDocument.documentElement.nodeName\n\n // Create a response XML based on the extracted information\n val responseXml = \"\"\"\n \n Root element is: $rootElementName\n \n \"\"\".trimIndent()\n\n // Respond with XML\n Response(Status.OK).body(responseXml).header(\"Content-Type\", \"application/xml\")\n } catch (e: Exception) {\n // Handle invalid XML or other errors\n Response(Status.BAD_REQUEST).body(\"Invalid XML: ${e.message}\")\n }\n }\n\n // Start the server\n val server = app.asServer(Netty(9000)).start()\n println(\"Server started on http://localhost:9000\")\n}\n```\n#### Maven dependency:\n```\n\n \n org.jetbrains.kotlin\n kotlin-test-junit5\n 1.9.0\n test\n \n \n org.junit.jupiter\n junit-jupiter-engine\n 5.10.0\n test\n \n \n org.jetbrains.kotlin\n kotlin-stdlib\n 1.9.0\n \n\n \n org.http4k\n http4k-core\n 5.40.0.0\n \n\n \n \n org.http4k\n http4k-format-xml\n 5.40.0.0\n \n\n \n \n org.http4k\n http4k-server-netty\n 5.40.0.0\n \n \n```\n#### Exploit payload example to trigger SSRF\n`curl -X POST http://localhost:9000 -H \"Content-Type: application/xml\" -d \"]>&xxe;\"`\n\n\n### Impact\n_What kind of vulnerability is it? Who is impacted?_\nThe servers that employ this XML parsing feature of http4k are vulnerable to this XXE vulnerability\n",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.http4k:http4k-format-xml"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "5.0.0.0"
+ },
+ {
+ "fixed": "5.41.0.0"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 5.40.0.0"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.http4k:http4k-format-xml"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "4.50.0.0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/http4k/http4k/security/advisories/GHSA-7mj5-hjjj-8rgw"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/http4k/http4k/commit/35297adc6d6aca4951d50d8cdf17ff87a8b19fbc"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/http4k/http4k"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/http4k/http4k/blob/25696dff2d90206cc1da42f42a1a8dbcdbcdf18c/core/format/xml/src/main/kotlin/org/http4k/format/Xml.kt#L42-L46"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-200",
+ "CWE-611",
+ "CWE-918"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": true,
+ "github_reviewed_at": "2024-12-12T19:22:01Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2024/12/GHSA-9j3m-fr7q-jxfw/GHSA-9j3m-fr7q-jxfw.json b/advisories/github-reviewed/2024/12/GHSA-9j3m-fr7q-jxfw/GHSA-9j3m-fr7q-jxfw.json
new file mode 100644
index 0000000000000..000931210bc0d
--- /dev/null
+++ b/advisories/github-reviewed/2024/12/GHSA-9j3m-fr7q-jxfw/GHSA-9j3m-fr7q-jxfw.json
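Review bot: The `details` field still carries the unfilled GitHub advisory-form placeholders (`_Short summary of the problem. …_`, `_Give all details on the vulnerability. …_`, `_Complete instructions, …_`, `_What kind of vulnerability is it? Who is impacted?_`), which should be deleted before this record is published as reviewed. The PoC curl payload as stored reads `-d "]>&xxe;"`, i.e. the DOCTYPE/ENTITY prefix appears to have been stripped by markup sanitisation, so the reproduction step cannot be followed as written and should be re-entered with the angle brackets escaped. The CVSS 3.1 vector's `I:H/A:H` is not supported by the described impact — the text documents file disclosure and SSRF, and the "even execute code under some circumstances" claim is unsubstantiated for a JVM `DocumentBuilder` — so either justify those metrics or lower them; the CWE-200/611/918 set already matches what is described. The sentence `XML contents is parsed with DocumentBuilder without security settings on or external entity enabled` is garbled; if Xml.kt#L42-L46 builds a `DocumentBuilderFactory` without `FEATURE_SECURE_PROCESSING` and with external entities/DTDs left enabled, say exactly that.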
@@ -0,0 +1,75 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-9j3m-fr7q-jxfw",
+ "modified": "2024-12-12T19:22:39Z",
+ "published": "2024-12-12T19:22:39Z",
+ "aliases": [
+ "CVE-2024-55885"
+ ],
+ "summary": "Beego has Collision Hazards of MD5 in Cache Key Filenames",
+ "details": "In the context of using MD5 to generate filenames for cache keys, there are significant collision hazards that need to be considered. MD5, or Message Digest Algorithm 5, is a widely known cryptographic hash function that produces a 128-bit hash value. However, MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks.\n\n### Understanding Collisions\nA collision in hashing occurs when two different inputs produce the same hash output. For MD5, this means that it is theoretically possible, and even practical, to find two distinct cache keys that result in the same MD5 hash. This vulnerability has been well-documented and exploited in various security contexts.\n\n### Implications for Cache Systems\nIn a cache system where filenames are derived from the MD5 hash of cache keys, a collision could lead to several critical issues:\n\nData Integrity Risks: If two different keys collide, they will map to the same filename. This could result in data being overwritten incorrectly, leading to data loss or corruption.\nSecurity Vulnerabilities: An attacker could potentially exploit collisions to manipulate cache data. For instance, by crafting a key that collides with another key, an attacker might gain unauthorized access to sensitive cached information or inject malicious data.\n\nUnpredictable Behavior: Collisions can cause the cache system to behave unpredictably, as it may retrieve or store data in unintended files, leading to system instability or incorrect behavior.\n\n### Mitigation Strategies\nTo mitigate these risks, consider the following strategies:\n\nUse a More Secure Hash Function: Replace MD5 with a more secure hash function like SHA-256, which has a significantly lower probability of collisions and is resistant to known attack vectors.\n\ncode at:https://github.com/beego/beego/blob/bb72dc27ac3970e51d38ee52fc3dc1465ae25b9d/client/cache/file.go#L126",
+ "severity": [],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/beego/beego"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2.3.4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/beego/beego/v2"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2.3.4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/beego/beego/security/advisories/GHSA-9j3m-fr7q-jxfw"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/beego/beego/commit/e7fa4835f71f47ab1d13afd638cebf661800d5a4"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/beego/beego"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-328"
+ ],
+ "severity": "LOW",
+ "github_reviewed": true,
+ "github_reviewed_at": "2024-12-12T19:22:39Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2024/12/GHSA-cwq6-mjmx-47p6/GHSA-cwq6-mjmx-47p6.json b/advisories/github-reviewed/2024/12/GHSA-cwq6-mjmx-47p6/GHSA-cwq6-mjmx-47p6.json
new file mode 100644
index 0000000000000..bff775ded6b84
--- /dev/null
+++ b/advisories/github-reviewed/2024/12/GHSA-cwq6-mjmx-47p6/GHSA-cwq6-mjmx-47p6.json
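Review bot: `"severity": []` leaves the `LOW` rating in `database_specific` with no CVSS vector to trace it to, while every other advisory in this commit carries one; add a vector or a short note on why none was assigned. The details also overstate the attack: MD5 is broken for collisions (the attacker chooses both inputs) but has no practical second-preimage attack, so an attacker cannot craft a key that lands on an existing victim's cache file — the sentence `by crafting a key that collides with another key, an attacker might gain unauthorized access to sensitive cached information` should be qualified to the case where the attacker controls both colliding keys. Whether cache keys are attacker-controlled at all is application-dependent and not stated, and that is the main fact a consumer needs to assess exposure. The `github.com/beego/beego` entry (no `/v2` suffix) declares `"fixed": "2.3.4"`; under Go module semantics a v2+ release must live at the `/v2` path, so that range should be confirmed against how beego actually tags the unsuffixed module.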
@@ -0,0 +1,84 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-cwq6-mjmx-47p6",
+ "modified": "2024-12-12T19:21:16Z",
+ "published": "2024-12-12T19:21:16Z",
+ "aliases": [
+ "CVE-2024-55876"
+ ],
+ "summary": "XWiki's scheduler in subwiki allows scheduling operations for any main wiki user",
+ "details": "### Impact\nAny user with an account on the main wiki could run scheduling operations on subwikis.\nTo reproduce, as a user on the main wiki without any special right, view the document `Scheduler.WebHome` in a subwiki. Then, click on any operation (*e.g.,* Trigger) on any job. If the operation is successful, then the instance is vulnerable.\n\n### Patches\nThis has been patched in XWiki 15.10.9 and 16.3.0.\n\n### Workarounds\nIf you have subwikis where the Job Scheduler is enabled, you can edit the objects on `Scheduler.WebPreferences` to match https://github.com/xwiki/xwiki-platform/commit/54bcc5a7a2e440cc591b91eece9c13dc0c487331#diff-8e274bd0065e319a34090339de6dfe56193144d15fd71c52c1be7272254728b4.\n\n### References\n* https://jira.xwiki.org/browse/XWIKI-21663\n* https://github.com/xwiki/xwiki-platform/commit/54bcc5a7a2e440cc591b91eece9c13dc0c487331\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.xwiki.platform:xwiki-platform-scheduler-ui"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "1.2-milestone-2"
+ },
+ {
+ "fixed": "15.10.9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.xwiki.platform:xwiki-platform-scheduler-ui"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "16.0.0-rc-1"
+ },
+ {
+ "fixed": "16.3.0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cwq6-mjmx-47p6"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/xwiki/xwiki-platform/commit/54bcc5a7a2e440cc591b91eece9c13dc0c487331"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/xwiki/xwiki-platform"
+ },
+ {
+ "type": "WEB",
+ "url": "https://jira.xwiki.org/browse/XWIKI-21663"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2024-12-12T19:21:16Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2024/12/GHSA-j2pq-22jj-4pm5/GHSA-j2pq-22jj-4pm5.json b/advisories/github-reviewed/2024/12/GHSA-j2pq-22jj-4pm5/GHSA-j2pq-22jj-4pm5.json
new file mode 100644
index 0000000000000..78f0f9ec52b35
--- /dev/null
+++ b/advisories/github-reviewed/2024/12/GHSA-j2pq-22jj-4pm5/GHSA-j2pq-22jj-4pm5.json
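Review bot: The base vector is written with the `CVSS:3.0` prefix while the other advisories added in this commit use `CVSS:3.1`; the metric values score the same under both versions, but the prefix should be normalized to `"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"` so downstream tooling treats the records uniformly. Separately, the details state that any main-wiki account can trigger arbitrary jobs in a subwiki; whether `S:U` and `I:L/A:L` are right depends on what those jobs run as and what they can do, which the advisory does not say, so that should be confirmed before the MODERATE rating is relied on.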
@@ -0,0 +1,89 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-j2pq-22jj-4pm5",
+ "modified": "2024-12-12T19:23:04Z",
+ "published": "2024-12-12T19:23:04Z",
+ "aliases": [
+ "CVE-2024-55662"
+ ],
+ "summary": "XWiki allows remote code execution through the extension sheet",
+ "details": "### Impact\nOn instances where `Extension Repository Application` is installed, any user can execute any code requiring `programming` rights on the server.\nIn order to reproduce on an instance, as a normal user without `script` nor `programming` rights, go to your profile and add an object of type `ExtensionCode.ExtensionClass`. Set the description to `{{async}}{{groovy}}println(\"Hello from Description\"){{/groovy}}{{/async}}` and press `Save and View`. If the description displays as `Hello from Description` without any error, then the instance is vulnerable.\n\n### Patches\nThis vulnerability has been fixed in XWiki 15.10.9 and 16.3.0.\n\n### Workarounds\nSince `Extension Repository Application` is not mandatory, it can be safely disabled on instances that do not use it.\nIt is also possible to manually apply [this patch](https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8#diff-9b6f9e853f23d76611967737f8c4072ffceaba4c006ca5a5e65b66d988dc084a) to the page `ExtensionCode.ExtensionSheet`, as well as [this patch](https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8#diff-d571404d94fa27360cfee64f2a11d8c819b397529db275e005606b7356610f82) to the page `ExtensionCode.ExtensionAuthorsDisplayer`.\n\n### References\n* https://jira.xwiki.org/browse/XWIKI-21890\n* https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.xwiki.platform:xwiki-platform-repository-server-ui"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "3.3-milestone-1"
+ },
+ {
+ "fixed": "15.10.9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.xwiki.platform:xwiki-platform-repository-server-ui"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "16.0.0-rc-1"
+ },
+ {
+ "fixed": "16.3.0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j2pq-22jj-4pm5"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55662"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/xwiki/xwiki-platform"
+ },
+ {
+ "type": "WEB",
+ "url": "https://jira.xwiki.org/browse/XWIKI-21890"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-863",
+ "CWE-96"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": true,
+ "github_reviewed_at": "2024-12-12T19:23:04Z",
+ "nvd_published_at": "2024-12-12T18:15:27Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2024/12/GHSA-wh34-m772-5398/GHSA-wh34-m772-5398.json b/advisories/github-reviewed/2024/12/GHSA-wh34-m772-5398/GHSA-wh34-m772-5398.json
new file mode 100644
index 0000000000000..db6f7b56c1cb3
--- /dev/null
+++ b/advisories/github-reviewed/2024/12/GHSA-wh34-m772-5398/GHSA-wh34-m772-5398.json
@@ -0,0 +1,84 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-wh34-m772-5398",
+ "modified": "2024-12-12T19:22:12Z",
+ "published": "2024-12-12T19:22:12Z",
+ "aliases": [
+ "CVE-2024-55663"
+ ],
+ "summary": "XWiki Platform has an SQL injection in getdocuments.vm with sort parameter",
+ "details": "### Impact\n\nIn `getdocument.vm` ; the ordering of the returned documents is defined from an unsanitized request parameter (request.sort) and can allow any user to inject HQL.\n\nDepending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries.\n\nIt's possible to employ database backend dependent techniques of breaking out of HQL query context, described, for example, here: https://www.sonarsource.com/blog/exploiting-hibernate-injections.\n\n### Patches\n\nThis has been patched in 13.10.5 and 14.3-rc-1.\n\n### Workarounds\n\nThere is no known workaround, other than upgrading XWiki.\n\n### References\n\nhttps://jira.xwiki.org/browse/XWIKI-17568\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.xwiki.platform:xwiki-platform-distribution-war"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "11.10.6"
+ },
+ {
+ "fixed": "13.10.5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.xwiki.platform:xwiki-platform-distribution-war"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "14.0-rc-1"
+ },
+ {
+ "fixed": "14.3-rc-1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wh34-m772-5398"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/xwiki/xwiki-platform/commit/673076e2e8b88a36cdeaf7007843aa9ca1a068a0"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/xwiki/xwiki-platform"
+ },
+ {
+ "type": "WEB",
+ "url": "https://jira.xwiki.org/browse/XWIKI-17568"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-116"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": true,
+ "github_reviewed_at": "2024-12-12T19:22:12Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2024/12/GHSA-x6mh-rjwm-8ph7/GHSA-x6mh-rjwm-8ph7.json b/advisories/github-reviewed/2024/12/GHSA-x6mh-rjwm-8ph7/GHSA-x6mh-rjwm-8ph7.json
new file mode 100644
index 0000000000000..29acea8194880
--- /dev/null
+++ b/advisories/github-reviewed/2024/12/GHSA-x6mh-rjwm-8ph7/GHSA-x6mh-rjwm-8ph7.json
@@ -0,0 +1,61 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-x6mh-rjwm-8ph7",
+ "modified": "2024-12-12T19:22:53Z",
+ "published": "2024-12-12T19:22:53Z",
+ "aliases": [
+ "CVE-2024-55878"
+ ],
+ "summary": "Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx",
+ "details": "### Impact\nWhen calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code.\n\n### Patches\nThe supplied patch resolves this vulnerability for SimpleXLSX. Use 1.1.12\n\n### Workarounds\nDon't use direct publication via toHTMLEx\n\n***\nThis vulnerability was discovered by Aleksey Solovev (Positive Technologies)\n",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "shuchkin/simplexlsx"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "1.0.12"
+ },
+ {
+ "fixed": "1.1.12"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/shuchkin/simplexlsx/security/advisories/GHSA-x6mh-rjwm-8ph7"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/shuchkin/simplexlsx/commit/cb4e716259e83d18e89292a4f1b721f4d34e28c2"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/shuchkin/simplexlsx"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2024-12-12T19:22:53Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
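Review bot: The summary misspells the class as `SimpeXLSX::toHTMLEx`; the package is SimpleXLSX, so it should read `SimpleXLSX::toHTMLEx`. The details never say which workbook content is emitted into the HTML unescaped (the `readXfs` mention suggests cell style/format data, but that is an inference) nor whether the plain `toHTML` path is unaffected, which the workaround `Don't use direct publication via toHTMLEx` implicitly relies on — both should be stated so consumers can tell whether rendering untrusted spreadsheets with the non-Ex method is safe. The CVSS 3.1 vector's `C:H/I:N` is unusual for an XSS, which is normally scored `C:L/I:L`; if the high confidentiality rating is intended it needs a justification in the advisory.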