CWE-178
AllowedImproper Handling of Case Sensitivity
Abstraction: Base · Status: Incomplete
The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.
136 vulnerabilities reference this CWE, most recent first.
CVE-2024-32879 (GCVE-0-2024-32879)
Vulnerability from cvelistv5 – Published: 2024-04-24 19:42 – Updated: 2024-08-02 02:20| URL | Tags |
|---|---|
| https://github.com/python-social-auth/social-app-… | x_refsource_CONFIRM |
| https://github.com/python-social-auth/social-app-… | x_refsource_MISC |
| https://github.com/python-social-auth/social-app-… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| python-social-auth | social-app-django |
Affected:
< 5.4.1
|
|
| python-social-auth | social-app-django |
Affected:
0 , < 5.4.1
(custom)
cpe:2.3:a:python-social-auth:social-app-django:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python-social-auth:social-app-django:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "social-app-django",
"vendor": "python-social-auth",
"versions": [
{
"lessThan": "5.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T19:27:52.308869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:51:12.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3"
},
{
"name": "https://github.com/python-social-auth/social-app-django/pull/566",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/python-social-auth/social-app-django/pull/566"
},
{
"name": "https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "social-app-django",
"vendor": "python-social-auth",
"versions": [
{
"status": "affected",
"version": "\u003c 5.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-178",
"description": "CWE-178: Improper Handling of Case Sensitivity",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-24T19:42:14.642Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3"
},
{
"name": "https://github.com/python-social-auth/social-app-django/pull/566",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-social-auth/social-app-django/pull/566"
},
{
"name": "https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138"
}
],
"source": {
"advisory": "GHSA-2gr8-3wc7-xhj3",
"discovery": "UNKNOWN"
},
"title": "social-auth-app-django Improper Handling of Case Sensitivity vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32879",
"datePublished": "2024-04-24T19:42:14.642Z",
"dateReserved": "2024-04-19T14:07:11.230Z",
"dateUpdated": "2024-08-02T02:20:35.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23331 (GCVE-0-2024-23331)
Vulnerability from cvelistv5 – Published: 2024-01-19 19:43 – Updated: 2025-06-17 21:19| URL | Tags |
|---|---|
| https://github.com/vitejs/vite/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/vitejs/vite/commit/91641c4da0a… | x_refsource_MISC |
| https://vitejs.dev/config/server-options.html#ser… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw"
},
{
"name": "https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5"
},
{
"name": "https://vitejs.dev/config/server-options.html#server-fs-deny",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vitejs.dev/config/server-options.html#server-fs-deny"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23331",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-22T14:54:35.729020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:25.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vite",
"vendor": "vitejs",
"versions": [
{
"status": "affected",
"version": "\u003e=2.7.0, \u003c 2.9.17"
},
{
"status": "affected",
"version": "\u003e=3.0.0, \u003c3.2.8"
},
{
"status": "affected",
"version": "\u003e=4.0.0, \u003c 4.5.2"
},
{
"status": "affected",
"version": "\u003e=5.0.0, \u003c 5.0.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn\u0027t discriminate; a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-178",
"description": "CWE-178: Improper Handling of Case Sensitivity",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-19T19:43:17.404Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw"
},
{
"name": "https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5"
},
{
"name": "https://vitejs.dev/config/server-options.html#server-fs-deny",
"tags": [
"x_refsource_MISC"
],
"url": "https://vitejs.dev/config/server-options.html#server-fs-deny"
}
],
"source": {
"advisory": "GHSA-c24v-8rfc-w8vw",
"discovery": "UNKNOWN"
},
"title": "Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23331",
"datePublished": "2024-01-19T19:43:17.404Z",
"dateReserved": "2024-01-15T15:19:19.442Z",
"dateUpdated": "2025-06-17T21:19:25.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6866 (GCVE-0-2024-6866)
Vulnerability from cvelistv5 – Published: 2025-03-20 10:10 – Updated: 2025-11-03 19:34- CWE-178 - Improper Handling of Case Sensitivity
| Vendor | Product | Version | |
|---|---|---|---|
| corydolphin | corydolphin/flask-cors |
Affected:
unspecified , ≤ latest
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6866",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T17:47:43.885682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:14:35.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:34:42.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00049.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "corydolphin/flask-cors",
"vendor": "corydolphin",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching treats them as case-insensitive. This misconfiguration can lead to significant security vulnerabilities, allowing unauthorized origins to access paths meant to be restricted, resulting in data exposure and potential data leaks."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-178",
"description": "CWE-178 Improper Handling of Case Sensitivity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T10:10:59.521Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/808c11af-faee-43a8-824b-b5ab4f62b9e6"
}
],
"source": {
"advisory": "808c11af-faee-43a8-824b-b5ab4f62b9e6",
"discovery": "EXTERNAL"
},
"title": "Case-Insensitive Path Matching in corydolphin/flask-cors"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-6866",
"datePublished": "2025-03-20T10:10:59.521Z",
"dateReserved": "2024-07-17T21:09:41.423Z",
"dateUpdated": "2025-11-03T19:34:42.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4759 (GCVE-0-2023-4759)
Vulnerability from cvelistv5 – Published: 2023-09-12 09:12 – Updated: 2024-08-02 07:37| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | Eclipse JGit |
Affected:
0.0.0 , ≤ 6.6.0.202305301015-r
(semver)
Unaffected: 5.13.3.202401111512-r |
|
| eclipse | jgit |
Affected:
0 , ≤ 6.6.0.202305301015-r
(semver)
cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:* |
|
| eclipse | jgit |
Unaffected:
5.13.3.202401111512-r
cpe:2.3:a:eclipse:jgit:5.13.3.202401111512-r:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "jgit",
"vendor": "eclipse",
"versions": [
{
"lessThanOrEqual": "6.6.0.202305301015-r",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:eclipse:jgit:5.13.3.202401111512-r:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "jgit",
"vendor": "eclipse",
"versions": [
{
"status": "unaffected",
"version": "5.13.3.202401111512-r"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T03:55:38.083883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T13:51:38.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:37:59.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11"
},
{
"tags": [
"x_transferred"
],
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/6.6.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.eclipse.org/c/jgit/jgit.git/commit/?id=9072103f3b3cf64dd12ad2949836ab98f62dabf1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.eclipse.org/c/jgit/jgit.git/",
"defaultStatus": "unaffected",
"product": "Eclipse JGit",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "6.6.0.202305301015-r",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": " 5.13.3.202401111512-r"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "RyotaK"
}
],
"datePublic": "2023-09-12T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eArbitrary File Overwrite in Eclipse JGit \u0026lt;= 6.6.0\u003c/p\u003e\u003cp\u003eIn Eclipse JGit, all versions \u0026lt;= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem.\u003c/p\u003e\u003cp\u003eThis can happen on checkout (\u003ccode\u003eDirCacheCheckout\u003c/code\u003e), merge (\u003ccode\u003eResolveMerger\u003c/code\u003e\u0026nbsp;via its \u003ccode\u003eWorkingTreeUpdater\u003c/code\u003e), pull (\u003ccode\u003ePullCommand\u003c/code\u003e\u0026nbsp;using merge), and when applying a patch (\u003ccode\u003ePatchApplier\u003c/code\u003e). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command.\u003c/p\u003e\u003cp\u003eThe issue occurs only on case-\u003cstrong\u003ein\u003c/strong\u003esensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.\u003c/p\u003e\u003cp\u003eSetting git configuration option \u003ccode\u003ecore.symlinks = false\u003c/code\u003e\u0026nbsp;before checking out avoids the problem.\u003c/p\u003e\u003cp\u003eThe issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://repo1.maven.org/maven2/org/eclipse/jgit/\"\u003eMaven Central\u003c/a\u003e\u0026nbsp;and \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://repo.eclipse.org/content/repositories/jgit-releases/\"\u003erepo.eclipse.org\u003c/a\u003e. A backport is available in 5.13.3 starting from 5.13.3.202401111512-r.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThe JGit maintainers would like to thank RyotaK for finding and reporting this issue.\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Arbitrary File Overwrite in Eclipse JGit \u003c= 6.6.0\n\nIn Eclipse JGit, all versions \u003c= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem.\n\nThis can happen on checkout (DirCacheCheckout), merge (ResolveMerger\u00a0via its WorkingTreeUpdater), pull (PullCommand\u00a0using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command.\n\nThe issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.\n\nSetting git configuration option core.symlinks = false\u00a0before checking out avoids the problem.\n\nThe issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/ \u00a0and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from 5.13.3.202401111512-r.\n\n\nThe JGit maintainers would like to thank RyotaK for finding and reporting this issue.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-132",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-132 Symlink Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-178",
"description": "CWE-178 Improper Handling of Case Sensitivity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T15:21:24.101Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11"
},
{
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/6.6.1"
},
{
"url": "https://git.eclipse.org/c/jgit/jgit.git/commit/?id=9072103f3b3cf64dd12ad2949836ab98f62dabf1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSetting git configuration option \u003ccode\u003ecore.symlinks = false\u003c/code\u003e\u0026nbsp;before checking out avoids the problem.\u003c/p\u003e"
}
],
"value": "Setting git configuration option core.symlinks = false\u00a0before checking out avoids the problem.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2023-4759",
"datePublished": "2023-09-12T09:12:10.254Z",
"dateReserved": "2023-09-04T16:06:00.689Z",
"dateUpdated": "2024-08-02T07:37:59.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3545 (GCVE-0-2023-3545)
Vulnerability from cvelistv5 – Published: 2023-11-28 07:07 – Updated: 2024-08-02 07:01- CWE-178 - Improper Handling of Case Sensitivity
| URL | Tags |
|---|---|
| https://support.chamilo.org/projects/chamilo-18/w… | vendor-advisory |
| https://starlabs.sg/advisories/23/23-3545/ | third-party-advisory |
| https://github.com/chamilo/chamilo-lms/commit/dc7… | patch |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-125-2023-07-13-Critical-impact-Moderate-risk-Htaccess-File-Upload-Security-Bypass-on-Windows-CVE-2023-3545"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://starlabs.sg/advisories/23/23-3545/"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/chamilo/chamilo-lms/commit/dc7bfce429fbd843a95a57c184b6992c4d709549"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Chamilo",
"repo": "https://github.com/chamilo/chamilo-lms/",
"vendor": "Chamilo",
"versions": [
{
"lessThanOrEqual": "1.11.20",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ngo Wei Lin (@Creastery) of STAR Labs SG Pte. Ltd. (@starlabs_sg)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS \u0026lt;= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution."
}
],
"value": "Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS \u003c= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-650",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-650 Upload a Web Shell to a Web Server"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-178",
"description": "CWE-178 Improper Handling of Case Sensitivity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T07:07:27.183Z",
"orgId": "b1571b85-cbc9-431f-830b-0c8155323a69",
"shortName": "STAR_Labs"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-125-2023-07-13-Critical-impact-Moderate-risk-Htaccess-File-Upload-Security-Bypass-on-Windows-CVE-2023-3545"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://starlabs.sg/advisories/23/23-3545/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/chamilo/chamilo-lms/commit/dc7bfce429fbd843a95a57c184b6992c4d709549"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Chamilo LMS Htaccess File Upload Security Bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b1571b85-cbc9-431f-830b-0c8155323a69",
"assignerShortName": "STAR_Labs",
"cveId": "CVE-2023-3545",
"datePublished": "2023-11-28T07:07:27.183Z",
"dateReserved": "2023-07-07T13:10:48.745Z",
"dateUpdated": "2024-08-02T07:01:57.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39155 (GCVE-0-2021-39155)
Vulnerability from cvelistv5 – Published: 2021-08-24 22:25 – Updated: 2024-08-04 01:58- CWE-178 - Improper Handling of Case Sensitivity
| URL | Tags |
|---|---|
| https://github.com/istio/istio/security/advisorie… | x_refsource_CONFIRM |
| https://datatracker.ietf.org/doc/html/rfc4343 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:18.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/istio/istio/security/advisories/GHSA-7774-7vr3-cc8j"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/html/rfc4343"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "istio",
"vendor": "istio",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.9.8"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.10.4"
},
{
"status": "affected",
"version": "\u003e= 1.11.0, \u003c 1.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to [RFC 4343](https://datatracker.ietf.org/doc/html/rfc4343), Istio authorization policy should compare the hostname in the HTTP Host header in a case insensitive way, but currently the comparison is case sensitive. The proxy will route the request hostname in a case-insensitive way which means the authorization policy could be bypassed. As an example, the user may have an authorization policy that rejects request with hostname \"httpbin.foo\" for some source IPs, but the attacker can bypass this by sending the request with hostname \"Httpbin.Foo\". Patches are available in Istio 1.11.1, Istio 1.10.4 and Istio 1.9.8. As a work around a Lua filter may be written to normalize Host header before the authorization check. This is similar to the Path normalization presented in the [Security Best Practices](https://istio.io/latest/docs/ops/best-practices/security/#case-normalization) guide."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-178",
"description": "CWE-178: Improper Handling of Case Sensitivity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-24T22:25:17.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/istio/istio/security/advisories/GHSA-7774-7vr3-cc8j"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://datatracker.ietf.org/doc/html/rfc4343"
}
],
"source": {
"advisory": "GHSA-7774-7vr3-cc8j",
"discovery": "UNKNOWN"
},
"title": "Authorization Policy Bypass Due to Case Insensitive Host Comparison",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-39155",
"STATE": "PUBLIC",
"TITLE": "Authorization Policy Bypass Due to Case Insensitive Host Comparison"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "istio",
"version": {
"version_data": [
{
"version_value": "\u003c= 1.9.8"
},
{
"version_value": "\u003e= 1.10.0, \u003c 1.10.4"
},
{
"version_value": "\u003e= 1.11.0, \u003c 1.11.1"
}
]
}
}
]
},
"vendor_name": "istio"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to [RFC 4343](https://datatracker.ietf.org/doc/html/rfc4343), Istio authorization policy should compare the hostname in the HTTP Host header in a case insensitive way, but currently the comparison is case sensitive. The proxy will route the request hostname in a case-insensitive way which means the authorization policy could be bypassed. As an example, the user may have an authorization policy that rejects request with hostname \"httpbin.foo\" for some source IPs, but the attacker can bypass this by sending the request with hostname \"Httpbin.Foo\". Patches are available in Istio 1.11.1, Istio 1.10.4 and Istio 1.9.8. As a work around a Lua filter may be written to normalize Host header before the authorization check. This is similar to the Path normalization presented in the [Security Best Practices](https://istio.io/latest/docs/ops/best-practices/security/#case-normalization) guide."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-178: Improper Handling of Case Sensitivity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/istio/istio/security/advisories/GHSA-7774-7vr3-cc8j",
"refsource": "CONFIRM",
"url": "https://github.com/istio/istio/security/advisories/GHSA-7774-7vr3-cc8j"
},
{
"name": "https://datatracker.ietf.org/doc/html/rfc4343",
"refsource": "MISC",
"url": "https://datatracker.ietf.org/doc/html/rfc4343"
}
]
},
"source": {
"advisory": "GHSA-7774-7vr3-cc8j",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-39155",
"datePublished": "2021-08-24T22:25:18.000Z",
"dateReserved": "2021-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:58:18.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24347 (GCVE-0-2021-24347)
Vulnerability from cvelistv5 – Published: 2021-06-14 13:37 – Updated: 2024-08-03 19:28- CWE-178 - Improper Handling of Case Sensitivity
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/8f6e82d5-c0e9-46… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/163434/WordP… | x_refsource_MISC |
| http://packetstormsecurity.com/files/163675/WordP… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | SP Project & Document Manager |
Affected:
4.22 , < 4.22
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SP Project \u0026 Document Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.22",
"status": "affected",
"version": "4.22",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Viktor Markopoulos"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SP Project \u0026 Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension\u0027s case, for example, from \"php\" to \"pHP\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-178",
"description": "CWE-178 Improper Handling of Case Sensitivity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T12:45:43.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SP Project \u0026 Document Manager \u003c2 4.22 - Authenticated Shell Upload",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24347",
"STATE": "PUBLIC",
"TITLE": "SP Project \u0026 Document Manager \u003c2 4.22 - Authenticated Shell Upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SP Project \u0026 Document Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.22",
"version_value": "4.22"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Viktor Markopoulos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SP Project \u0026 Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension\u0027s case, for example, from \"php\" to \"pHP\"."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-178 Improper Handling of Case Sensitivity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a"
},
{
"name": "http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html"
},
{
"name": "http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24347",
"datePublished": "2021-06-14T13:37:12.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-24M3-W8G9-JWPQ
Vulnerability from github – Published: 2020-04-22 20:59 – Updated: 2024-02-06 13:27Background
The module controller in SimpleSAML\Module that processes requests for pages
hosted by modules, has code to identify paths ending with .php and process
those as PHP code. If no other suitable way of handling the given path exists it
presents the file to the browser.
Description
The check to identify paths ending with .php does not account for uppercase
letters. If someone requests a path ending with e.g. .PHP and the server is
serving the code from a case-insensitive file system, such as on Windows, the
processing of the PHP code does not occur, and the source code is instead
presented to the browser.
Affected versions
SimpleSAMLphp versions 1.18.5 and older.
Impact
An attacker may use this issue to gain access to the source code in third-party modules that is meant to be private, or even sensitive. However, the attack surface is considered small, as the attack will only work when SimpleSAMLphp serves such content from a file system that is not case-sensitive, such as on Windows.
Resolution
Upgrade the SimpleSAMLphp installation to version 1.18.6.
Credit
This vulnerability was discovered and reported by Sławek Naczyński.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "simplesamlphp/simplesamlphp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-5301"
],
"database_specific": {
"cwe_ids": [
"CWE-178",
"CWE-200"
],
"github_reviewed": true,
"github_reviewed_at": "2020-04-21T19:50:30Z",
"nvd_published_at": "2020-04-21T20:15:00Z",
"severity": "LOW"
},
"details": "### Background\n\nThe module controller in `SimpleSAML\\Module` that processes requests for pages\nhosted by modules, has code to identify paths ending with `.php` and process\nthose as PHP code. If no other suitable way of handling the given path exists it\npresents the file to the browser.\n\n### Description\n\nThe check to identify paths ending with `.php` does not account for uppercase\nletters. If someone requests a path ending with e.g. `.PHP` and the server is\nserving the code from a case-insensitive file system, such as on Windows, the\nprocessing of the PHP code does not occur, and the source code is instead\npresented to the browser.\n\n### Affected versions\n\nSimpleSAMLphp versions **1.18.5 and older**.\n\n### Impact\n\nAn attacker may use this issue to gain access to the source code in third-party\nmodules that is meant to be private, or even sensitive. However, the attack\nsurface is considered small, as the attack will only work when SimpleSAMLphp\nserves such content from a file system that is not case-sensitive, such as on\nWindows.\n\n### Resolution\n\nUpgrade the SimpleSAMLphp installation to version **1.18.6**.\n\n### Credit\n\nThis vulnerability was discovered and reported by S\u0142awek Naczy\u0144ski.",
"id": "GHSA-24m3-w8g9-jwpq",
"modified": "2024-02-06T13:27:42Z",
"published": "2020-04-22T20:59:44Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5301"
},
{
"type": "WEB",
"url": "https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2020-5301.yaml"
},
{
"type": "WEB",
"url": "https://github.com/simplesamlphp/simplesamlphp"
},
{
"type": "WEB",
"url": "https://simplesamlphp.org/security/202004-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Information disclosure of source code in SimpleSAMLphp"
}
GHSA-2C2H-2855-MF97
Vulnerability from github – Published: 2025-03-09 15:31 – Updated: 2025-03-25 18:38Bypass/Injection vulnerability in Apache Camel components under particular conditions.
This issue affects Apache Camel: from 4.9.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3.
Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases.
This vulnerability is present in Camel's default incoming header filter, that allows an attacker to include Camel specific headers that for some Camel components can alter the behaviours such as the camel-bean component, to call another method on the bean, than was coded in the application. In the camel-jms component, then a malicious header can be used to send the message to another queue (on the same broker) than was coded in the application. This could also be seen by using the camel-exec component.
The attacker would need to inject custom headers, such as HTTP protocols. So if you have Camel applications that are directly connected to the internet via HTTP, then an attacker could include malicious HTTP headers in the HTTP requests that are send to the Camel application.
All the known Camel HTTP component such as camel-servlet, camel-jetty, camel-undertow, camel-platform-http, and camel-netty-http would be vulnerable out of the box.
In these conditions an attacker could be able to forge a Camel header name and make the bean component invoking other methods in the same bean.
In terms of usage of the default header filter strategy the list of components using that is:
- camel-activemq
- camel-activemq6
- camel-amqp
- camel-aws2-sqs
- camel-azure-servicebus
- camel-cxf-rest
- camel-cxf-soap
- camel-http
- camel-jetty
- camel-jms
- camel-kafka
- camel-knative
- camel-mail
- camel-nats
- camel-netty-http
- camel-platform-http
- camel-rest
- camel-sjms
- camel-spring-rabbitmq
- camel-stomp
- camel-tahu
- camel-undertow
- camel-xmpp
The vulnerability arises due to a bug in the default filtering mechanism that only blocks headers starting with "Camel", "camel", or "org.apache.camel.".
Mitigation: You can easily work around this in your Camel applications by removing the headers in your Camel routes. There are many ways of doing this, also globally or per route. This means you could use the removeHeaders EIP, to filter out anything like "cAmel, cAMEL" etc, or in general everything not starting with "Camel", "camel" or "org.apache.camel.".
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.camel:camel-support"
},
"ranges": [
{
"events": [
{
"introduced": "3.10.0"
},
{
"fixed": "3.22.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.camel:camel-support"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0-M1"
},
{
"fixed": "4.8.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.camel:camel-support"
},
"ranges": [
{
"events": [
{
"introduced": "4.9.0"
},
{
"fixed": "4.10.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-27636"
],
"database_specific": {
"cwe_ids": [
"CWE-178"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-10T20:49:46Z",
"nvd_published_at": "2025-03-09T13:15:34Z",
"severity": "MODERATE"
},
"details": "Bypass/Injection vulnerability in Apache Camel components under particular conditions.\n\nThis issue affects Apache Camel: from 4.9.0 through \u003c= 4.10.1, from 4.8.0 through \u003c= 4.8.4, from 3.10.0 through \u003c= 3.22.3.\n\nUsers are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases.\n\nThis vulnerability is present in Camel\u0027s default incoming header filter, that allows an attacker to include Camel specific headers that for some Camel components can alter the behaviours such as the camel-bean component, to call another method on the bean, than was coded in the application. In the `camel-jms` component, then a malicious header can be used to send the message to another queue (on the same broker) than was coded in the application. This could also be seen by using the camel-exec component.\n\nThe attacker would need to inject custom headers, such as HTTP protocols. So if you have Camel applications that are directly connected to the internet via HTTP, then an attacker could include malicious HTTP headers in the HTTP requests that are send to the Camel application.\n\nAll the known Camel HTTP component such as `camel-servlet`, `camel-jetty`, `camel-undertow`, `camel-platform-http`, and `camel-netty-http` would be vulnerable out of the box.\n\nIn these conditions an attacker could be able to forge a Camel header name and make the bean component invoking other methods in the same bean.\n\nIn terms of usage of the default header filter strategy the list of components using that is: \n\n * camel-activemq\n * camel-activemq6\n * camel-amqp\n * camel-aws2-sqs\n * camel-azure-servicebus\n * camel-cxf-rest\n * camel-cxf-soap\n * camel-http\n * camel-jetty\n * camel-jms\n * camel-kafka\n * camel-knative\n * camel-mail\n * camel-nats\n * camel-netty-http\n * camel-platform-http\n * camel-rest\n * camel-sjms\n * camel-spring-rabbitmq\n * camel-stomp\n * camel-tahu\n * camel-undertow\n * camel-xmpp\n\nThe vulnerability arises due to a bug in the default filtering mechanism that only blocks headers starting with \"Camel\", \"camel\", or \"org.apache.camel.\". \n\nMitigation: You can easily work around this in your Camel applications by removing the headers in your Camel routes. There are many ways of doing this, also globally or per route. This means you could use the removeHeaders EIP, to filter out anything like \"cAmel, cAMEL\" etc, or in general everything not starting with \"Camel\", \"camel\" or \"org.apache.camel.\".",
"id": "GHSA-2c2h-2855-mf97",
"modified": "2025-03-25T18:38:07Z",
"published": "2025-03-09T15:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27636"
},
{
"type": "WEB",
"url": "https://github.com/apache/camel/commit/23a833eec6131a3cdce6e4b1b40b3ac2035b6adf"
},
{
"type": "WEB",
"url": "https://github.com/apache/camel/commit/45a6b74f7f8af8fd58f197566938a9534392a624"
},
{
"type": "WEB",
"url": "https://camel.apache.org/security/CVE-2025-27636.html"
},
{
"type": "WEB",
"url": "https://github.com/akamai/CVE-2025-27636-Apache-Camel-PoC/blob/main/src/main/java/com/example/camel/VulnerableCamel.java"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/camel"
},
{
"type": "WEB",
"url": "https://github.com/apache/camel/blob/camel-4.9.0/core/camel-support/src/main/java/org/apache/camel/support/DefaultHeaderFilterStrategy.java"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/CAMEL-21828"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/l3zcg3vts88bmc7w8172wkgw610y693z"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/03/09/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Apache Camel: Camel Message Header Injection via Improper Filtering"
}
GHSA-2GR8-3WC7-XHJ3
Vulnerability from github – Published: 2024-04-24 18:47 – Updated: 2024-08-28 20:09Impact
Due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match.
Patches
This issue has been addressed by https://github.com/python-social-auth/social-app-django/pull/566 and fix released in 5.4.1.
Workarounds
An immediate workaround would be to change collation of the affected field:
ALTER TABLE `social_auth_usersocialauth` MODIFY `uid` varchar(255) COLLATE `utf8_bin`;
References
This issue was discovered by folks at https://opencraft.com/.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "social-auth-app-django"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.4.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-32879"
],
"database_specific": {
"cwe_ids": [
"CWE-178",
"CWE-303"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-24T18:47:21Z",
"nvd_published_at": "2024-04-24T20:15:07Z",
"severity": "MODERATE"
},
"details": "### Impact\nDue to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match.\n\n### Patches\nThis issue has been addressed by https://github.com/python-social-auth/social-app-django/pull/566 and fix released in 5.4.1.\n\n### Workarounds\nAn immediate workaround would be to change collation of the affected field:\n\n```mysql\nALTER TABLE `social_auth_usersocialauth` MODIFY `uid` varchar(255) COLLATE `utf8_bin`;\n```\n\n### References\nThis issue was discovered by folks at https://opencraft.com/.\n",
"id": "GHSA-2gr8-3wc7-xhj3",
"modified": "2024-08-28T20:09:46Z",
"published": "2024-04-24T18:47:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32879"
},
{
"type": "WEB",
"url": "https://github.com/python-social-auth/social-app-django/pull/566"
},
{
"type": "WEB",
"url": "https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138"
},
{
"type": "PACKAGE",
"url": "https://github.com/python-social-auth/social-app-django"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "social-auth-app-django affected by Improper Handling of Case Sensitivity"
}
Mitigation MIT-44
Strategy: Input Validation
Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-20
Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.