Common Weakness Enumeration

CWE-471

Allowed

Modification of Assumed-Immutable Data (MAID)

Abstraction: Base · Status: Draft

The product does not properly protect an assumed-immutable element from being modified by an attacker.

69 vulnerabilities reference this CWE, most recent first.

GHSA-FVQR-27WR-82FM

Vulnerability from github – Published: 2018-07-26 15:14 – Updated: 2025-08-12 21:37
VLAI
Summary
Prototype Pollution in lodash
Details

Versions of lodash before 4.17.5 are vulnerable to prototype pollution.

The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of Object via __proto__ causing the addition or modification of an existing property that will exist on all objects.

Recommendation

Update to version 4.17.5 or later.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "lodash"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.17.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "lodash-rails"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.17.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-3721"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-471"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:35:26Z",
    "nvd_published_at": "2018-06-07T02:29:08Z",
    "severity": "MODERATE"
  },
  "details": "Versions of `lodash` before 4.17.5 are vulnerable to prototype pollution. \n\nThe vulnerable functions are \u0027defaultsDeep\u0027, \u0027merge\u0027, and \u0027mergeWith\u0027 which allow a malicious user to modify the prototype of `Object` via `__proto__` causing the addition or modification of an existing property that will exist on all objects.\n\n\n\n\n## Recommendation\n\nUpdate to version 4.17.5 or later.",
  "id": "GHSA-fvqr-27wr-82fm",
  "modified": "2025-08-12T21:37:06Z",
  "published": "2018-07-26T15:14:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3721"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/310443"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2018-3721.yml"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190919-0004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in lodash"
}

GHSA-GRPG-9H7C-FF7X

Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-05-24 22:28
VLAI
Details

An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user’s cloud account.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42701"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-471"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-05T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user\u2019s cloud account.",
  "id": "GHSA-grpg-9h7c-ff7x",
  "modified": "2022-05-24T22:28:40Z",
  "published": "2022-05-24T22:28:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42701"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HHVC-G5HV-48C6

Vulnerability from github – Published: 2020-12-10 19:07 – Updated: 2024-10-28 20:04
VLAI
Summary
Write to immutable memory region in TensorFlow
Details

Impact

The tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area:

>>> import tensorflow as tf
>>> with open('/tmp/test.txt','w') as f: f.write('a'*128)
>>> tf.raw_ops.ImmutableConst(dtype=tf.string,shape=2,
                              memory_region_name='/tmp/test.txt')

If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault.

This is because the alocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overriden.

Patches

We have patched the issue in GitHub commit c1e1fc899ad5f8c725dcbb6470069890b5060bc7 and will release TensorFlow 2.4.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.

Since this issue also impacts TF versions before 2.4, we will patch all releases between 1.15 and 2.3 inclusive.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-26268"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-471"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-12-10T19:05:24Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe `tf.raw_ops.ImmutableConst` operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area:\n\n```python\n\u003e\u003e\u003e import tensorflow as tf\n\u003e\u003e\u003e with open(\u0027/tmp/test.txt\u0027,\u0027w\u0027) as f: f.write(\u0027a\u0027*128)\n\u003e\u003e\u003e tf.raw_ops.ImmutableConst(dtype=tf.string,shape=2,\n                              memory_region_name=\u0027/tmp/test.txt\u0027)\n```\n\nIf the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault.\n\nThis is because the alocator used to return the buffer data is not marked as returning an opaque handle since the [needed virtual method](https://github.com/tensorflow/tensorflow/blob/c1e1fc899ad5f8c725dcbb6470069890b5060bc7/tensorflow/core/framework/typed_allocator.h#L78-L85) is [not overriden](https://github.com/tensorflow/tensorflow/blob/acdf3c04fcfa767ae8d109b9e1f727ef050dba4d/tensorflow/core/kernels/immutable_constant_op.cc).\n\n### Patches\nWe have patched the issue in GitHub commit [c1e1fc899ad5f8c725dcbb6470069890b5060bc7](https://github.com/tensorflow/tensorflow/commit/c1e1fc899ad5f8c725dcbb6470069890b5060bc7) and will release TensorFlow 2.4.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.\n\nSince this issue also impacts TF versions before 2.4, we will patch all releases between 1.15 and 2.3 inclusive.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
  "id": "GHSA-hhvc-g5hv-48c6",
  "modified": "2024-10-28T20:04:42Z",
  "published": "2020-12-10T19:07:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hhvc-g5hv-48c6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26268"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/c1e1fc899ad5f8c725dcbb6470069890b5060bc7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-299.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-334.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-255.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Write to immutable memory region in TensorFlow"
}

GHSA-J7QQ-8HRP-F3J8

Vulnerability from github – Published: 2025-03-19 15:31 – Updated: 2025-03-25 18:30
VLAI
Details

An issue was discovered in Exasol jdbc driver 24.2.0. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-55551"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-471",
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-19T14:15:37Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in Exasol jdbc driver 24.2.0. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution vulnerability.",
  "id": "GHSA-j7qq-8hrp-f3j8",
  "modified": "2025-03-25T18:30:53Z",
  "published": "2025-03-19T15:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55551"
    },
    {
      "type": "WEB",
      "url": "https://docs.exasol.com/db/7.1/release_notes_drivers_jdbc/24.2.1.htm"
    },
    {
      "type": "WEB",
      "url": "https://docs.exasol.com/db/latest/connect_exasol/drivers/jdbc.htm"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/azraelxuemo/9565ec9219e0c3e9afd5474904c39d0f"
    },
    {
      "type": "WEB",
      "url": "https://www.blackhat.com/eu-24/briefings/schedule/index.html#a-novel-attack-surface-java-authentication-and-authorization-service-jaas-42179"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JCRJ-GMR6-P5J8

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2024-01-17 15:43
VLAI
Summary
Moodle Allows Modification of Constants
Details

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0"
            },
            {
              "fixed": "2.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1"
            },
            {
              "fixed": "2.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2011-4301"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-471"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-17T15:43:30Z",
    "nvd_published_at": "2012-07-11T10:26:00Z",
    "severity": "MODERATE"
  },
  "details": "The `MoodleQuickForm` class in the Forms Library in `lib/formslib.php` in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API `setConstant` operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.",
  "id": "GHSA-jcrj-gmr6-p5j8",
  "modified": "2024-01-17T15:43:30Z",
  "published": "2022-05-13T01:13:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4301"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/1f52e72526c305989eadc702b5299edb2a50ac3c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/2a44c5192c875c4f4b4e813d7227b19d8fda86ba"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/a6f18c98f43b6fc6b8b7c4e96af41cb4a626e1b8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747444"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/moodle/moodle"
    },
    {
      "type": "WEB",
      "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8"
    },
    {
      "type": "WEB",
      "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8"
    },
    {
      "type": "WEB",
      "url": "http://moodle.org/mod/forum/discuss.php?d=188313"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Moodle Allows Modification of Constants"
}

GHSA-M9HW-7XFV-WQG7

Vulnerability from github – Published: 2020-11-12 19:36 – Updated: 2020-11-12 19:35
VLAI
Summary
Prototype Pollution in json-logic-js
Details

Versions of json-logic-js prior to 2.0.0 are vulnerable to Prototype Pollution. The method operation allows a malicious user to modify the prototype of Object through the method property name. This causes modification of any existing property that will exist on all objects and leads to Remote Code Execution.

The following rule creates a popup when run from a browser:

{
  "method": [
    {
      "method": [
        {
          "var": "__proto__.constructor.is.__proto__"
        },
        "constructor",
        [
          "var x = 'SECURITY!'; console.log(x, window.fetch); alert(x)"
        ]
      ]
    },
    "call"
  ]
}
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "json-logic-js"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-471"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-11-12T19:35:53Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Versions of json-logic-js prior to 2.0.0 are vulnerable to Prototype Pollution. The method operation allows a malicious user to modify the prototype of Object through the method property name. This causes modification of any existing property that will exist on all objects and leads to Remote Code Execution.\n\nThe following rule creates a popup when run from a browser:\n```\n{\n  \"method\": [\n    {\n      \"method\": [\n        {\n          \"var\": \"__proto__.constructor.is.__proto__\"\n        },\n        \"constructor\",\n        [\n          \"var x = \u0027SECURITY!\u0027; console.log(x, window.fetch); alert(x)\"\n        ]\n      ]\n    },\n    \"call\"\n  ]\n}\n```",
  "id": "GHSA-m9hw-7xfv-wqg7",
  "modified": "2020-11-12T19:35:53Z",
  "published": "2020-11-12T19:36:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jwadhams/json-logic-js/commit/fadfa5dc7ccd1cc5c9a1900a97a15af390bf642b"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1542"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/json-logic-js"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Prototype Pollution in json-logic-js"
}

GHSA-P343-9QWP-PQXV

Vulnerability from github – Published: 2024-05-07 18:30 – Updated: 2025-03-25 15:45
VLAI
Summary
Neo4j Cypher component mishandles IMMUTABLE privileges
Details

The Cypher component in Neo4j between v.5.0.0 and v.5.19.0 mishandles IMMUTABLE.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.neo4j:neo4j-cypher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.19.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-34517"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-471"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-07T19:59:41Z",
    "nvd_published_at": "2024-05-07T18:15:08Z",
    "severity": "MODERATE"
  },
  "details": "The Cypher component in Neo4j between v.5.0.0 and v.5.19.0 mishandles IMMUTABLE.",
  "id": "GHSA-p343-9qwp-pqxv",
  "modified": "2025-03-25T15:45:23Z",
  "published": "2024-05-07T18:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34517"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-p343-9qwp-pqxv"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/neo4j/neo4j"
    },
    {
      "type": "WEB",
      "url": "https://github.com/neo4j/neo4j/wiki/Neo4j-5-changelog#cypher"
    },
    {
      "type": "WEB",
      "url": "https://neo4j.com/security/cve-2024-34517"
    },
    {
      "type": "WEB",
      "url": "https://trust.neo4j.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Neo4j Cypher component mishandles IMMUTABLE privileges"
}

GHSA-P3HX-PWF3-J8WR

Vulnerability from github – Published: 2026-05-13 15:31 – Updated: 2026-06-09 10:18
VLAI
Summary
Nautobot: GitRepository.current_head field should not be writable through REST API
Details

Impact

A user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which was not intended to be user-editable. Doing so could cause Nautobot's local clone(s) of the relevant repository to checkout a commit other than the latest commit on the specified branch (resulting in misleading state), or potentially to be unable to make use of the repository at all (until manually remediated) due to the current_head pointing to a nonexistent commit hash or malformed value.

Patches

The issue has been remediated in Nautobot v2.4.33 and 3.1.2.

Workarounds

Note that many of the same end-result symptoms could be caused by a user with the same level of access simply changing the branch or remote_url of a GitRepository rather than crafting the current_head. Administrators are encouraged to carefully review which users are granted permissions to create and modify GitRepository records.

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "nautobot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0a2"
            },
            {
              "fixed": "3.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "nautobot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.33"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44798"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-471",
      "CWE-749"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-13T15:31:04Z",
    "nvd_published_at": "2026-05-28T18:16:34Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA user with access to add/change a GitRepository record could use the REST API to directly set the `current_head` field on the record, which was not intended to be user-editable. Doing so could cause Nautobot\u0027s local clone(s) of the relevant repository to checkout a commit other than the latest commit on the specified `branch` (resulting in misleading state), or potentially to be unable to make use of the repository at all (until manually remediated) due to the `current_head` pointing to a nonexistent commit hash or malformed value.\n\n### Patches\n\nThe issue has been remediated in Nautobot v2.4.33 and 3.1.2.\n\n\n### Workarounds\n\nNote that many of the same end-result symptoms could be caused by a user with the same level of access simply changing the `branch` or `remote_url` of a GitRepository rather than crafting the `current_head`. Administrators are encouraged to carefully review which users are granted permissions to create and modify GitRepository records.\n\n\n### References\n\n- 2.4.33 (\u003ca href=\"https://github.com/nautobot/nautobot/commit/9deddfc91ad9260ad17b5e20084e9e2d15be3609\"\u003epatch\u003c/a\u003e)\n- 3.1.2 (\u003ca href=\"https://github.com/nautobot/nautobot/commit/c46f97040b2bde4320be36b23577f19a8bcbd8c3\"\u003epatch\u003c/a\u003e)",
  "id": "GHSA-p3hx-pwf3-j8wr",
  "modified": "2026-06-09T10:18:49Z",
  "published": "2026-05-13T15:31:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-p3hx-pwf3-j8wr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44798"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nautobot/nautobot/commit/9deddfc91ad9260ad17b5e20084e9e2d15be3609"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nautobot/nautobot/commit/c46f97040b2bde4320be36b23577f19a8bcbd8c3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nautobot/nautobot"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Nautobot: GitRepository.current_head field should not be writable through REST API"
}

GHSA-P6F3-29PV-CJ66

Vulnerability from github – Published: 2026-05-20 00:31 – Updated: 2026-05-20 18:31
VLAI
Details

Modification of Assumed-Immutable Data (MAID) vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing.

This issue affects Translate Drupal with GTranslate: from 0.0.0 before 3.0.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8492"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-471"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-19T23:16:58Z",
    "severity": "LOW"
  },
  "details": "Modification of Assumed-Immutable Data (MAID) vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing.\n\nThis issue affects Translate Drupal with GTranslate: from 0.0.0 before 3.0.5.",
  "id": "GHSA-p6f3-29pv-cj66",
  "modified": "2026-05-20T18:31:34Z",
  "published": "2026-05-20T00:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8492"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-contrib-2026-035"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PF2J-9QMP-JQR2

Vulnerability from github – Published: 2021-05-07 16:46 – Updated: 2022-08-11 14:59
VLAI
Summary
TypeORM vulnerable to MAID and Prototype Pollution
Details

Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "typeorm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.25"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-8158"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-471"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-28T17:29:12Z",
    "nvd_published_at": "2020-09-18T21:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Prototype pollution vulnerability in the TypeORM package \u003c 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.",
  "id": "GHSA-pf2j-9qmp-jqr2",
  "modified": "2022-08-11T14:59:34Z",
  "published": "2021-05-07T16:46:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8158"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/869574"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "TypeORM vulnerable to MAID and Prototype Pollution"
}

Mitigation
Architecture and Design Operation Implementation

When the data is stored or transmitted through untrusted sources that could modify the data, implement integrity checks to detect unauthorized modification, or store/transmit the data in a trusted location that is free from external influence.

CAPEC-384: Application API Message Manipulation via Man-in-the-Middle

An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack can allow the attacker to gain unauthorized privileges within the application, or conduct attacks such as phishing, deceptive strategies to spread malware, or traditional web-application attacks. The techniques require use of specialized software that allow the attacker to perform adversary-in-the-middle (CAPEC-94) communications between the web browser and the remote system. Despite the use of AiTH software, the attack is actually directed at the server, as the client is one node in a series of content brokers that pass information along to the application framework. Additionally, it is not true "Adversary-in-the-Middle" attack at the network layer, but an application-layer attack the root cause of which is the master applications trust in the integrity of code supplied by the client.

CAPEC-385: Transaction or Event Tampering via Application API Manipulation

An attacker hosts or joins an event or transaction within an application framework in order to change the content of messages or items that are being exchanged. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, substitute one item or another, spoof an existing item and conduct a false exchange, or otherwise change the amounts or identity of what is being exchanged. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system in order to change the content of various application elements. Often, items exchanged in game can be monetized via sales for coin, virtual dollars, etc. The purpose of the attack is for the attack to scam the victim by trapping the data packets involved the exchange and altering the integrity of the transfer process.

CAPEC-386: Application API Navigation Remapping

An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of links/buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains links/buttons that point to an attacker controlled destination. Some applications make navigation remapping more difficult to detect because the actual HREF values of images, profile elements, and links/buttons are masked. One example would be to place an image in a user's photo gallery that when clicked upon redirected the user to an off-site location. Also, traditional web vulnerabilities (such as CSRF) can be constructed with remapped buttons or links. In some cases navigation remapping can be used for Phishing attacks or even means to artificially boost the page view, user site reputation, or click-fraud.

CAPEC-387: Navigation Remapping To Propagate Malicious Content

An adversary manipulates either egress or ingress data from a client within an application framework in order to change the content of messages and thereby circumvent the expected application logic.

CAPEC-388: Application API Button Hijacking

An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains buttons that point to an attacker controlled destination.