Common Weakness Enumeration

CWE-1288

Allowed

Improper Validation of Consistency within Input

Abstraction: Base · Status: Incomplete

The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.

44 vulnerabilities reference this CWE, most recent first.

GHSA-8HP2-QMC6-F97H

Vulnerability from github – Published: 2026-05-01 15:30 – Updated: 2026-06-30 03:36
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

smb: client: validate the whole DACL before rewriting it in cifsacl

build_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a server-supplied dacloffset and then use the incoming ACL to rebuild the chmod/chown security descriptor.

The original fix only checked that the struct smb_acl header fits before reading dacl_ptr->size or dacl_ptr->num_aces. That avoids the immediate header-field OOB read, but the rewrite helpers still walk ACEs based on pdacl->num_aces with no structural validation of the incoming DACL body.

A malicious server can return a truncated DACL that still contains a header, claims one or more ACEs, and then drive replace_sids_and_copy_aces() or set_chmod_dacl() past the validated extent while they compare or copy attacker-controlled ACEs.

Factor the DACL structural checks into validate_dacl(), extend them to validate each ACE against the DACL bounds, and use the shared validator before the chmod/chown rebuild paths. parse_dacl() reuses the same validator so the read-side parser and write-side rewrite paths agree on what constitutes a well-formed incoming DACL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31709"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-01T14:16:20Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: validate the whole DACL before rewriting it in cifsacl\n\nbuild_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a\nserver-supplied dacloffset and then use the incoming ACL to rebuild the\nchmod/chown security descriptor.\n\nThe original fix only checked that the struct smb_acl header fits before\nreading dacl_ptr-\u003esize or dacl_ptr-\u003enum_aces.  That avoids the immediate\nheader-field OOB read, but the rewrite helpers still walk ACEs based on\npdacl-\u003enum_aces with no structural validation of the incoming DACL body.\n\nA malicious server can return a truncated DACL that still contains a\nheader, claims one or more ACEs, and then drive\nreplace_sids_and_copy_aces() or set_chmod_dacl() past the validated\nextent while they compare or copy attacker-controlled ACEs.\n\nFactor the DACL structural checks into validate_dacl(), extend them to\nvalidate each ACE against the DACL bounds, and use the shared validator\nbefore the chmod/chown rebuild paths.  parse_dacl() reuses the same\nvalidator so the read-side parser and write-side rewrite paths agree on\nwhat constitutes a well-formed incoming DACL.",
  "id": "GHSA-8hp2-qmc6-f97h",
  "modified": "2026-06-30T03:36:28Z",
  "published": "2026-05-01T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31709"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31709.json"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ff0ca46b13b9ef6edbcd238a3b6caacfef8ba0e5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d92f3f0b22414e7515696a02224d0af55e3004a3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c2abdebf72000a64603ced84d36ccbd164f11391"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b8603d9ae6c9087662b098619996bc4a8064319d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b78db9bddc84136f6a0bb49e8883cf200dfb87a8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e47d297e7cf9a6029a0d38e7b22faba7d7aaf12"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a8cf165566ba55a39fd0f4de172119dd646d39a"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464476"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-31709"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:24343"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:23329"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:23237"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:23224"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:22940"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:22900"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:21745"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:21706"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:21556"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9H7V-6CR6-HCPX

Vulnerability from github – Published: 2024-06-18 12:30 – Updated: 2025-11-03 21:31
VLAI
Details

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5953"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-18T10:15:11Z",
    "severity": "MODERATE"
  },
  "details": "A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.",
  "id": "GHSA-9h7v-6cr6-hcpx",
  "modified": "2025-11-03T21:31:07Z",
  "published": "2024-06-18T12:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5953"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:4633"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:4997"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:5192"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:5690"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6153"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6568"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6569"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6576"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:7458"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:1632"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-5953"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292104"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C65P-X677-FGJ6

Vulnerability from github – Published: 2025-05-28 18:03 – Updated: 2025-05-29 21:36
VLAI
Summary
vLLM has a Weakness in MultiModalHasher Image Hashing Implementation
Details

Summary

In the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it serializes PIL.Image.Image objects using only obj.tobytes(), which returns only the raw pixel data, without including metadata such as the image’s shape (width, height, mode). As a result, two images of different sizes (e.g., 30x100 and 100x30) with the same pixel byte sequence could generate the same hash value. This may lead to hash collisions, incorrect cache hits, and even data leakage or security risks.

Details

  • Affected file: vllm/multimodal/hasher.py
  • Affected method: MultiModalHasher.serialize_item https://github.com/vllm-project/vllm/blob/9420a1fc30af1a632bbc2c66eb8668f3af41f026/vllm/multimodal/hasher.py#L34-L35
  • Current behavior: For Image.Image instances, only obj.tobytes() is used for hashing.
  • Problem description: obj.tobytes() does not include the image’s width, height, or mode metadata.
  • Impact: Two images with the same pixel byte sequence but different sizes could be regarded as the same image by the cache and hashing system, which may result in:
    • Incorrect cache hits, leading to abnormal responses
    • Deliberate construction of images with different meanings but the same hash value

Recommendation

In the serialize_item method, serialization of Image.Image objects should include not only pixel data, but also all critical metadata—such as dimensions (size), color mode (mode), format, and especially the info dictionary. The info dictionary is particularly important in palette-based images (e.g., mode 'P'), where the palette itself is stored in info. Ignoring info can result in hash collisions between visually distinct images with the same pixel bytes but different palettes or metadata. This can lead to incorrect cache hits or even data leakage.

Summary:
Serializing only the raw pixel data is insecure. Always include all image metadata (size, mode, format, info) in the hash calculation to prevent collisions, especially in cases like palette-based images.

Impact for other modalities For the influence of other modalities, since the video modality is transformed into a multi-dimensional array containing the length, width, time, etc. of the video, the same problem exists due to the incorrect sequence of numpy as well.

For audio, since the momo function is not enabled in librosa.load, the loaded audio is automatically encoded into single channels by librosa and returns a one-dimensional array of numpy, thus keeping the structure of numpy fixed and not affected by this issue.

Fixes

  • https://github.com/vllm-project/vllm/pull/17378
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "vllm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.7.0"
            },
            {
              "fixed": "0.9.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-46722"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1023",
      "CWE-1288"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-28T18:03:41Z",
    "nvd_published_at": "2025-05-29T17:15:21Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nIn the file `vllm/multimodal/hasher.py`, the `MultiModalHasher` class has a security and data integrity issue in its image hashing method. Currently, it serializes `PIL.Image.Image` objects using only `obj.tobytes()`, which returns only the raw pixel data, without including metadata such as the image\u2019s shape (width, height, mode). As a result, two images of different sizes (e.g., 30x100 and 100x30) with the same pixel byte sequence could generate the same hash value. This may lead to hash collisions, incorrect cache hits, and even data leakage or security risks.\n\n## Details\n\n- **Affected file:** `vllm/multimodal/hasher.py`\n- **Affected method:** `MultiModalHasher.serialize_item`\nhttps://github.com/vllm-project/vllm/blob/9420a1fc30af1a632bbc2c66eb8668f3af41f026/vllm/multimodal/hasher.py#L34-L35\n- **Current behavior:** For `Image.Image` instances, only `obj.tobytes()` is used for hashing.\n- **Problem description:** `obj.tobytes()` does not include the image\u2019s width, height, or mode metadata.\n- **Impact:** Two images with the same pixel byte sequence but different sizes could be regarded as the same image by the cache and hashing system, which may result in:\n    - Incorrect cache hits, leading to abnormal responses\n    - Deliberate construction of images with different meanings but the same hash value\n\n\n## Recommendation\n\nIn the `serialize_item` method, **serialization of `Image.Image` objects should include not only pixel data, but also all critical metadata**\u2014such as dimensions (`size`), color mode (`mode`), format, and especially the `info` dictionary. The `info` dictionary is particularly important in palette-based images (e.g., mode `\u0027P\u0027`), where the palette itself is stored in `info`. Ignoring `info` can result in hash collisions between visually distinct images with the same pixel bytes but different palettes or metadata. This can lead to incorrect cache hits or even data leakage.\n\n**Summary:**  \nSerializing only the raw pixel data is insecure. Always include all image metadata (`size`, `mode`, `format`, `info`) in the hash calculation to prevent collisions, especially in cases like palette-based images.\n\n**Impact for other modalities**\nFor the influence of other modalities, since the video modality is transformed into a multi-dimensional array containing the length, width, time, etc. of the video, the same problem exists due to the incorrect sequence of numpy as well.\n\nFor audio, since the momo function is not enabled in librosa.load, the loaded audio is automatically encoded into single channels by librosa and returns a one-dimensional array of numpy, thus keeping the structure of numpy fixed and not affected by this issue.\n\n## Fixes\n\n* https://github.com/vllm-project/vllm/pull/17378",
  "id": "GHSA-c65p-x677-fgj6",
  "modified": "2025-05-29T21:36:24Z",
  "published": "2025-05-28T18:03:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-c65p-x677-fgj6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46722"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/pull/17378"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/commit/99404f53c72965b41558aceb1bc2380875f5d848"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-43.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vllm-project/vllm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "vLLM has a Weakness in MultiModalHasher Image Hashing Implementation"
}

GHSA-C74J-26PG-R222

Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-30 03:36
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()

Sashiko points out that the user can specify WQs sharing the same CQ as a part of the uAPI and this will trigger the WARN_ON() then go on to corrupt the kernel.

Just reject it outright and fail the QP creation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46117"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1288",
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T10:16:27Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()\n\nSashiko points out that the user can specify WQs sharing the same CQ as a\npart of the uAPI and this will trigger the WARN_ON() then go on to corrupt\nthe kernel.\n\nJust reject it outright and fail the QP creation.",
  "id": "GHSA-c74j-26pg-r222",
  "modified": "2026-06-30T03:36:53Z",
  "published": "2026-05-28T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46117"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:27789"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:30129"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-46117"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482576"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/159f2efabc89d3f931d38f2d35876535d4abf0a3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9cc0c6b1ba8cd5c55aef043e1384de0a8b4efa71"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9ef65af26b2a6738bf15812042e84b3112402d3a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/db991ba50087ad99fa12a2c483aa3be19671ea73"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46117.json"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C96P-56GH-3PVW

Vulnerability from github – Published: 2026-07-05 09:30 – Updated: 2026-07-05 09:30
VLAI
Details

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the email_verified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but retrieves the email_verified status exclusively from the id_token. The root cause is a lack of validation ensuring that the email_verified claim in the id_token actually refers to the email address returned by the userinfo endpoint. If these two sources return different email addresses, the id_token's email_verified=true claim is blindly applied to the userinfo email. Exploitation Conditions: The OIDC identity provider must have trustEmail set to true (non-default).

The userinfo endpoint must be enabled (default).

The attacker must control or have compromised the upstream OIDC provider.

Concrete Impact: Mark arbitrary email addresses as verified in the Keycloak database.

Bypass email-based security controls or verification workflows.

Potential account takeover if the application relies solely on the email_verified flag from the IdP to link accounts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-14781"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-05T07:16:39Z",
    "severity": "MODERATE"
  },
  "details": "A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the email_verified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but retrieves the email_verified status exclusively from the id_token.\nThe root cause is a lack of validation ensuring that the email_verified claim in the id_token actually refers to the email address returned by the userinfo endpoint. If these two sources return different email addresses, the id_token\u0027s email_verified=true claim is blindly applied to the userinfo email.\nExploitation Conditions:\nThe OIDC identity provider must have trustEmail set to true (non-default).\n\nThe userinfo endpoint must be enabled (default).\n\nThe attacker must control or have compromised the upstream OIDC provider.\n\n\nConcrete Impact:\nMark arbitrary email addresses as verified in the Keycloak database.\n\nBypass email-based security controls or verification workflows.\n\nPotential account takeover if the application relies solely on the email_verified flag from the IdP to link accounts.",
  "id": "GHSA-c96p-56gh-3pvw",
  "modified": "2026-07-05T09:30:23Z",
  "published": "2026-07-05T09:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14781"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-14781"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497118"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CRH6-FP67-6883

Vulnerability from github – Published: 2022-11-01 17:29 – Updated: 2022-11-04 20:44
VLAI
Summary
xmldom allows multiple root nodes in a DOM
Details

Impact

xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to https://nvd.nist.gov/vuln/detail/CVE-2022-39299 and is a potential issue for dependents.

Patches

Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next).

Workarounds

One of the following approaches might help, depending on your use case: - Instead of searching for elements in the whole DOM, only search in the documentElement. - Reject a document with a document that has more then 1 childNode.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2022-39299
  • https://github.com/jindw/xmldom/issues/150

For more information

If you have any questions or comments about this advisory: * Email us at security@xmldom.org

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "xmldom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@xmldom/xmldom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.7.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@xmldom/xmldom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.8.0"
            },
            {
              "fixed": "0.8.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@xmldom/xmldom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.9.0-beta.1"
            },
            {
              "fixed": "0.9.0-beta.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39353"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1288",
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-01T17:29:11Z",
    "nvd_published_at": "2022-11-02T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nxmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing.\nThis breaks the assumption that there is only a single root node in the tree, which led to https://nvd.nist.gov/vuln/detail/CVE-2022-39299 and is a potential issue for dependents.\n\n### Patches\nUpdate to `@xmldom/xmldom@~0.7.7`, `@xmldom/xmldom@~0.8.4` (dist-tag `latest`) or `@xmldom/xmldom@\u003e=0.9.0-beta.4` (dist-tag `next`).\n\n### Workarounds\nOne of the following approaches might help, depending on your use case:\n- Instead of searching for elements in the whole DOM, only search in the `documentElement`.\n- Reject a document with a document that has more then 1 `childNode`.\n\n### References\n- https://nvd.nist.gov/vuln/detail/CVE-2022-39299\n- https://github.com/jindw/xmldom/issues/150\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at security@xmldom.org\n",
  "id": "GHSA-crh6-fp67-6883",
  "modified": "2022-11-04T20:44:46Z",
  "published": "2022-11-01T17:29:11Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39353"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jindw/xmldom/issues/150"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xmldom/xmldom/commit/52a708360c35aa160fcca8621720d71fd0f95f1a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xmldom/xmldom/commit/7ff7c10ab2961703ac1752e95b4ff60ee4ee6643"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xmldom/xmldom/commit/c02f786216bed70825f9a351c65e61500f51e931"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xmldom/xmldom"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xmldom/xmldom/releases/tag/0.7.7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xmldom/xmldom/releases/tag/0.8.4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xmldom/xmldom/releases/tag/0.9.0-beta.4"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00000.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "xmldom allows multiple root nodes in a DOM"
}

GHSA-FG8X-Q69G-4QP3

Vulnerability from github – Published: 2025-10-30 00:31 – Updated: 2025-10-30 17:05
VLAI
Summary
Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables
Details

Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/reverse_proxy_header"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-10929"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1288"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-30T17:05:15Z",
    "nvd_published_at": "2025-10-30T00:15:34Z",
    "severity": "MODERATE"
  },
  "details": "Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.",
  "id": "GHSA-fg8x-q69g-4qp3",
  "modified": "2025-10-30T17:05:15Z",
  "published": "2025-10-30T00:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10929"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-contrib-2025-111"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables"
}

GHSA-FHVF-82GH-PPGJ

Vulnerability from github – Published: 2024-10-21 15:32 – Updated: 2024-10-21 15:32
VLAI
Details

prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8305"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T15:15:04Z",
    "severity": "MODERATE"
  },
  "details": "prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4",
  "id": "GHSA-fhvf-82gh-ppgj",
  "modified": "2024-10-21T15:32:27Z",
  "published": "2024-10-21T15:32:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8305"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-92382"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G3QW-W3WP-F3M2

Vulnerability from github – Published: 2023-11-14 21:31 – Updated: 2025-08-22 18:31
VLAI
Details

Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32701"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1288",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-14T19:15:27Z",
    "severity": "HIGH"
  },
  "details": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.",
  "id": "GHSA-g3qw-w3wp-f3m2",
  "modified": "2025-08-22T18:31:10Z",
  "published": "2023-11-14T21:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32701"
    },
    {
      "type": "WEB",
      "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JGCQ-59JX-W43V

Vulnerability from github – Published: 2024-03-28 15:30 – Updated: 2024-03-28 15:30
VLAI
Details

In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31140"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-28T15:15:48Z",
    "severity": "MODERATE"
  },
  "details": "In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools",
  "id": "GHSA-jgcq-59jx-w43v",
  "modified": "2024-03-28T15:30:34Z",
  "published": "2024-03-28T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31140"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

No CAPEC attack patterns related to this CWE.