CWE-155
AllowedImproper Neutralization of Wildcards or Matching Symbols
Abstraction: Variant · Status: Draft
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards or matching symbols when they are sent to a downstream component.
31 vulnerabilities reference this CWE, most recent first.
CVE-2024-0055 (GCVE-0-2024-0055)
Vulnerability from cvelistv5 – Published: 2024-03-19 06:39 – Updated: 2024-11-08 08:51- CWE-155 - Improper Neutralization of Wildcards or Matching Symbols
| Vendor | Product | Version | |
|---|---|---|---|
| Axis Communications AB | AXIS OS |
Affected:
AXIS OS 10.12 - 11.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-19T12:53:50.585876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T21:07:59.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:15.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.axis.com/dam/public/c4/00/c5/cve-2024-0055-en-US-432117.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS OS",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "AXIS OS 10.12 - 11.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs \u003ci\u003emediaclip.cgi\u003c/i\u003e and \u003ci\u003eplayclip.cgi\u003c/i\u003e was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\u003cbr\u003e"
}
],
"value": "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-155",
"description": "CWE-155: Improper Neutralization of Wildcards or Matching Symbols",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T08:51:23.936Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/c4/00/c5/cve-2024-0055-en-US-432117.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2024-0055",
"datePublished": "2024-03-19T06:39:24.100Z",
"dateReserved": "2023-11-21T07:10:29.057Z",
"dateUpdated": "2024-11-08T08:51:23.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0054 (GCVE-0-2024-0054)
Vulnerability from cvelistv5 – Published: 2024-03-19 06:35 – Updated: 2024-11-08 08:51- CWE-155 - Improper Neutralization of Wildcards or Matching Symbols
| Vendor | Product | Version | |
|---|---|---|---|
| Axis Communications AB | AXIS OS |
Affected:
AXIS OS 6.50 - 11.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:15.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.axis.com/dam/public/76/f3/1d/cve-2024-0054-en-US-432116.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0054",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T15:12:31.034533Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T15:12:50.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS OS",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "AXIS OS 6.50 - 11.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eSandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs \u003ci\u003elocal_list.cgi\u003c/i\u003e, \u003ci\u003ecreate_overlay.cgi\u003c/i\u003e and \u003ci\u003eirissetup.cgi\u003c/i\u003e\u0026nbsp;was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS\nversions for the highlighted flaw. Please refer to the Axis security advisory\nfor more information and solution.\n\n\u003c/div\u003e"
}
],
"value": "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi\u00a0was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS\nversions for the highlighted flaw. Please refer to the Axis security advisory\nfor more information and solution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-155",
"description": "CWE-155: Improper Neutralization of Wildcards or Matching Symbols",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T08:51:53.794Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/76/f3/1d/cve-2024-0054-en-US-432116.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2024-0054",
"datePublished": "2024-03-19T06:35:15.078Z",
"dateReserved": "2023-11-21T07:10:24.938Z",
"dateUpdated": "2024-11-08T08:51:53.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21646 (GCVE-0-2022-21646)
Vulnerability from cvelistv5 – Published: 2022-01-11 21:50 – Updated: 2025-04-23 19:13| URL | Tags |
|---|---|
| https://github.com/authzed/spicedb/security/advis… | x_refsource_CONFIRM |
| https://github.com/authzed/spicedb/issues/358 | x_refsource_MISC |
| https://github.com/authzed/spicedb/commit/15bba2e… | x_refsource_MISC |
| https://github.com/authzed/spicedb/releases/tag/v1.4.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:39.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/authzed/spicedb/security/advisories/GHSA-7p8f-8hjm-wm92"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/authzed/spicedb/issues/358"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/authzed/spicedb/commit/15bba2e2d2a4bda336a37a7fe8ef8a35028cd970"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/authzed/spicedb/releases/tag/v1.4.0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:56:58.194304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:13:28.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "spicedb",
"vendor": "authzed",
"versions": [
{
"status": "affected",
"version": "= 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an `exclusion` or within an `intersection` operation will see `Lookup`/`LookupResources` return a resource as \"accessible\" if it is *not* accessible by virtue of the inclusion of the wildcard in the intersection or the right side of the exclusion. In `v1.3.0`, the wildcard is ignored entirely in lookup\u0027s dispatch, resulting in the `banned` wildcard being ignored in the exclusion. Version 1.4.0 contains a patch for this issue. As a workaround, don\u0027t make use of wildcards on the right side of intersections or within exclusions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-155",
"description": "CWE-155: Improper Neutralization of Wildcards or Matching Symbols",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-11T21:50:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/authzed/spicedb/security/advisories/GHSA-7p8f-8hjm-wm92"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/authzed/spicedb/issues/358"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/authzed/spicedb/commit/15bba2e2d2a4bda336a37a7fe8ef8a35028cd970"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/authzed/spicedb/releases/tag/v1.4.0"
}
],
"source": {
"advisory": "GHSA-7p8f-8hjm-wm92",
"discovery": "UNKNOWN"
},
"title": "Lookup operations do not take into account wildcards in SpiceDB",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21646",
"STATE": "PUBLIC",
"TITLE": "Lookup operations do not take into account wildcards in SpiceDB"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "spicedb",
"version": {
"version_data": [
{
"version_value": "= 1.3.0"
}
]
}
}
]
},
"vendor_name": "authzed"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an `exclusion` or within an `intersection` operation will see `Lookup`/`LookupResources` return a resource as \"accessible\" if it is *not* accessible by virtue of the inclusion of the wildcard in the intersection or the right side of the exclusion. In `v1.3.0`, the wildcard is ignored entirely in lookup\u0027s dispatch, resulting in the `banned` wildcard being ignored in the exclusion. Version 1.4.0 contains a patch for this issue. As a workaround, don\u0027t make use of wildcards on the right side of intersections or within exclusions."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-155: Improper Neutralization of Wildcards or Matching Symbols"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/authzed/spicedb/security/advisories/GHSA-7p8f-8hjm-wm92",
"refsource": "CONFIRM",
"url": "https://github.com/authzed/spicedb/security/advisories/GHSA-7p8f-8hjm-wm92"
},
{
"name": "https://github.com/authzed/spicedb/issues/358",
"refsource": "MISC",
"url": "https://github.com/authzed/spicedb/issues/358"
},
{
"name": "https://github.com/authzed/spicedb/commit/15bba2e2d2a4bda336a37a7fe8ef8a35028cd970",
"refsource": "MISC",
"url": "https://github.com/authzed/spicedb/commit/15bba2e2d2a4bda336a37a7fe8ef8a35028cd970"
},
{
"name": "https://github.com/authzed/spicedb/releases/tag/v1.4.0",
"refsource": "MISC",
"url": "https://github.com/authzed/spicedb/releases/tag/v1.4.0"
}
]
},
"source": {
"advisory": "GHSA-7p8f-8hjm-wm92",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21646",
"datePublished": "2022-01-11T21:50:10.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:13:28.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1772 (GCVE-0-2020-1772)
Vulnerability from cvelistv5 – Published: 2020-03-27 12:47 – Updated: 2024-09-16 23:25| URL | Tags |
|---|---|
| https://otrs.com/release-notes/otrs-security-advi… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-list |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2023… | mailing-list |
| Vendor | Product | Version | |
|---|---|---|---|
| OTRS AG | ((OTRS)) Community Edition |
Affected:
5.0.x , ≤ 5.0.41
(custom)
Affected: 6.0.x , ≤ 6.0.26 (custom) |
|
| OTRS AG | OTRS |
Affected:
7.0.x , ≤ 7.0.15
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-09/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "[debian-lts-announce] 20200501 [SECURITY] [DLA 2198-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "5.0.41",
"status": "affected",
"version": "5.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.26",
"status": "affected",
"version": "6.0.x",
"versionType": "custom"
}
]
},
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"lessThanOrEqual": "7.0.15",
"status": "affected",
"version": "7.0.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Fabian Henneke"
}
],
"datePublic": "2020-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It\u0027s possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-155",
"description": "CWE-155",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:30.794Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2020-09/"
},
{
"name": "openSUSE-SU-2020:0551",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html"
},
{
"name": "[debian-lts-announce] 20200501 [SECURITY] [DLA 2198-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html"
},
{
"name": "openSUSE-SU-2020:1475",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html"
},
{
"name": "openSUSE-SU-2020:1509",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to OTRS 7.0.16, ((OTRS)) Community Edition 6.0.27, 5.0.42\n\nPatch for ((OTRS)) Community Edition 6: https://github.com/OTRS/otrs/commit/c0255365d5c455272b2b9e7bb1f6c96c3fce441b\nPatch for ((OTRS)) Community Edition 5: https://github.com/OTRS/otrs/commit/96cc7826d6ce260204ff629fc968edd2787b7f6b"
}
],
"source": {
"advisory": "OSA-2020-09",
"defect": [
"2020012742001563"
],
"discovery": "EXTERNAL"
},
"title": "Information Disclosure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2020-1772",
"datePublished": "2020-03-27T12:47:49.502Z",
"dateReserved": "2019-11-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:25:42.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3802 (GCVE-0-2019-3802)
Vulnerability from cvelistv5 – Published: 2019-06-03 13:47 – Updated: 2024-09-17 00:22- CWE-155 - Improper Neutralization of Wildcards or Matching Symbols
| URL | Tags |
|---|---|
| https://pivotal.io/security/cve-2019-3802 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Spring | Spring Data JPA |
Affected:
2.1 , < 2.1.8.RELEASE
(custom)
Affected: 1.11 , < 1.11.22.RELEASE (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-3802"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Data JPA",
"vendor": "Spring",
"versions": [
{
"lessThan": "2.1.8.RELEASE",
"status": "affected",
"version": "2.1",
"versionType": "custom"
},
{
"lessThan": "1.11.22.RELEASE",
"status": "affected",
"version": "1.11",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-05-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-155",
"description": "CWE-155: Improper Neutralization of Wildcards or Matching Symbols",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-03T13:47:42.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-3802"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Additional information exposure with Spring Data JPA example matcher",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-05-13T00:00:00.000Z",
"ID": "CVE-2019-3802",
"STATE": "PUBLIC",
"TITLE": "Additional information exposure with Spring Data JPA example matcher"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Data JPA",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.1",
"version_value": "2.1.8.RELEASE"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "1.11",
"version_value": "1.11.22.RELEASE"
}
]
}
}
]
},
"vendor_name": "Spring"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-155: Improper Neutralization of Wildcards or Matching Symbols"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2019-3802",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3802"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3802",
"datePublished": "2019-06-03T13:47:42.791Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:22:02.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-2QVW-8F7V-J53G
Vulnerability from github – Published: 2025-06-13 00:33 – Updated: 2025-06-27 18:30An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.
{
"affected": [],
"aliases": [
"CVE-2025-4232"
],
"database_specific": {
"cwe_ids": [
"CWE-155"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-13T00:15:23Z",
"severity": "HIGH"
},
"details": "An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect\u2122 app on macOS allows a non administrative user to escalate their privileges to root.",
"id": "GHSA-2qvw-8f7v-j53g",
"modified": "2025-06-27T18:30:38Z",
"published": "2025-06-13T00:33:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4232"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2025-4232"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-34CC-VPPQ-RVHP
Vulnerability from github – Published: 2025-01-30 21:31 – Updated: 2025-01-30 21:31The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications.
{
"affected": [],
"aliases": [
"CVE-2025-0681"
],
"database_specific": {
"cwe_ids": [
"CWE-155"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-30T19:15:14Z",
"severity": "MODERATE"
},
"details": "The Cloud MQTT service of the affected products supports wildcard topic \nsubscription which could allow an attacker to obtain sensitive \ninformation from tapping the service communications.",
"id": "GHSA-34cc-vppq-rvhp",
"modified": "2025-01-30T21:31:22Z",
"published": "2025-01-30T21:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0681"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-02"
},
{
"type": "WEB",
"url": "https://www.newrocktech.com/ContactUs/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-394X-VWMW-CRM3
Vulnerability from github – Published: 2026-03-20 20:34 – Updated: 2026-03-20 20:34Summary
AWS-LC is an open-source, general-purpose cryptographic library.
Impact
A logic error in CN (Common Name) validation allows certificates with wildcard or raw UTF-8 Unicode CN values to bypass name constraints enforcement. The cn2dnsid function does not recognize these CN patterns as valid DNS identifiers, causing NAME_CONSTRAINTS_check_CN to skip validation. However, X509_check_host accepts these CN values when no dNSName SAN is present, allowing certificates to bypass name constraints while still being used for hostname verification.
Customers of AWS services do not need to take action. Applications using aws-lc-sys should upgrade to the most recent release of aws-lc-sys.
Impacted versions:
- aws-lc-sys >= v0.32.0, < v0.39.0
Patches
The patch is included in aws-lc-sys v0.39.0.
Workarounds
Applications that set X509_CHECK_FLAG_NEVER_CHECK_SUBJECT to disable CN fallback are not affected. Applications that only encounter certificates with dNSName SANs (standard for public WebPKI) are also not affected.
Otherwise, there is no workaround and applications using aws-lc-sys should upgrade to the most recent releases of aws-lc-sys.
References
If you have any questions or comments about this advisory, we ask that you contact AWS Security via our vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.
Credits
Oleh Konko from 1seal (https://1seal.org/)
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "aws-lc-sys"
},
"ranges": [
{
"events": [
{
"introduced": "0.32.0"
},
{
"fixed": "0.39.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-155",
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-20T20:34:59Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\n\nAWS-LC is an open-source, general-purpose cryptographic library.\n\n### Impact\n\nA logic error in CN (Common Name) validation allows certificates with wildcard or raw UTF-8 Unicode CN values to bypass name constraints enforcement. The `cn2dnsid` function does not recognize these CN patterns as valid DNS identifiers, causing `NAME_CONSTRAINTS_check_CN` to skip validation. However, `X509_check_host` accepts these CN values when no dNSName SAN is present, allowing certificates to bypass name constraints while still being used for hostname verification.\n\nCustomers of AWS services do not need to take action. Applications using aws-lc-sys should upgrade to the most recent release of aws-lc-sys.\n\n### Impacted versions:\n\n* aws-lc-sys \u003e= v0.32.0, \u003c v0.39.0\n\n### Patches\n\nThe patch is included in aws-lc-sys v0.39.0.\n\n### Workarounds\n\nApplications that set `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` to disable CN fallback are not affected. Applications that only encounter certificates with dNSName SANs (standard for public WebPKI) are also not affected.\n\nOtherwise, there is no workaround and applications using aws-lc-sys should upgrade to the most recent releases of aws-lc-sys.\n\n### References\n\nIf you have any questions or comments about this advisory, we ask that you contact AWS Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting/) or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.\n\n### Credits\n\nOleh Konko from 1seal (https://1seal.org/)",
"id": "GHSA-394x-vwmw-crm3",
"modified": "2026-03-20T20:34:59Z",
"published": "2026-03-20T20:34:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/aws/aws-lc-rs/security/advisories/GHSA-394x-vwmw-crm3"
},
{
"type": "PACKAGE",
"url": "https://github.com/aws/aws-lc-rs"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0044.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN"
}
GHSA-3WGQ-H4FR-CWG5
Vulnerability from github – Published: 2025-03-12 15:56 – Updated: 2025-03-12 15:56Impact
Medium
Patches
Version 3.4.17 fixes illuminate/validation v 8.0.0 to 11.44.0
Workarounds
Register \MacropaySolutions\LaravelCrudWizard\Providers\ValidationServiceProvider instead of Illuminate\Validation\ValidationServiceProvider::class if you are using illuminate/validation < 11.44.1
References
https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "macropay-solutions/laravel-crud-wizard-free"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.17"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-155"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-12T15:56:23Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\nMedium\n\n### Patches\nVersion 3.4.17 fixes illuminate/validation v 8.0.0 to 11.44.0\n\n### Workarounds\nRegister \\MacropaySolutions\\LaravelCrudWizard\\Providers\\ValidationServiceProvider instead of Illuminate\\Validation\\ValidationServiceProvider::class if you are using illuminate/validation \u003c 11.44.1\n\n### References\nhttps://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4",
"id": "GHSA-3wgq-h4fr-cwg5",
"modified": "2025-03-12T15:56:23Z",
"published": "2025-03-12T15:56:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4"
},
{
"type": "WEB",
"url": "https://github.com/macropay-solutions/laravel-crud-wizard-free/security/advisories/GHSA-3wgq-h4fr-cwg5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27515"
},
{
"type": "WEB",
"url": "https://github.com/macropay-solutions/laravel-crud-wizard-free/commit/5c268cc930ec23a2e6761878cc57c6bd1d1889d2"
},
{
"type": "PACKAGE",
"url": "https://github.com/macropay-solutions/laravel-crud-wizard-free"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "laravel-crud-wizard-free has File Validation Bypass "
}
GHSA-464P-MH7X-6549
Vulnerability from github – Published: 2025-10-21 18:30 – Updated: 2025-10-21 18:30The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribing to the a MQTT topic. In these messages, the attacker can obtain the credentials and key information to connect to the cameras from peer to peer.
{
"affected": [],
"aliases": [
"CVE-2025-11757"
],
"database_specific": {
"cwe_ids": [
"CWE-155"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-21T18:15:35Z",
"severity": "HIGH"
},
"details": "The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribing to the a MQTT topic. In these messages, the attacker can obtain the credentials and key information to connect to the cameras from peer to peer.",
"id": "GHSA-464p-mh7x-6549",
"modified": "2025-10-21T18:30:35Z",
"published": "2025-10-21T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11757"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-294-05"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Developers should anticipate that wildcard or matching elements will be injected/removed/manipulated in the input vectors of their product. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-28
Strategy: Output Encoding
While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88).
Mitigation MIT-20
Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.