Common Weakness Enumeration

CWE-502

Allowed

Deserialization of Untrusted Data

Abstraction: Base · Status: Draft

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

4802 vulnerabilities reference this CWE, most recent first.

GHSA-MG57-J93W-G3C7

Vulnerability from github – Published: 2026-06-23 15:32 – Updated: 2026-06-23 15:32
VLAI
Details

picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution when the pickle file is loaded.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-71341"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-23T13:16:38Z",
    "severity": "HIGH"
  },
  "details": "picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution when the pickle file is loaded.",
  "id": "GHSA-mg57-j93w-g3c7",
  "modified": "2026-06-23T15:32:36Z",
  "published": "2026-06-23T15:32:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-6vqj-c2q5-j97w"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71341"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-undetected-profile-profile-runctx"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-MGVH-5MJ6-FPRR

Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36
VLAI
Details

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container via authenticated HTTP POST requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-9301"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-11T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container via authenticated HTTP POST requests.",
  "id": "GHSA-mgvh-5mj6-fprr",
  "modified": "2022-05-24T17:36:09Z",
  "published": "2022-05-24T17:36:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9301"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-006.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MH49-CVP3-VVC2

Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31
VLAI
Details

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-26114"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T18:18:40Z",
    "severity": "HIGH"
  },
  "details": "Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.",
  "id": "GHSA-mh49-cvp3-vvc2",
  "modified": "2026-03-10T18:31:21Z",
  "published": "2026-03-10T18:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26114"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26114"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MH59-QF67-HHP9

Vulnerability from github – Published: 2024-10-16 15:32 – Updated: 2026-04-01 18:32
VLAI
Details

Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object Injection.This issue affects Recently: from n/a through 1.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49218"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-16T14:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object Injection.This issue affects Recently: from n/a through 1.1.",
  "id": "GHSA-mh59-qf67-hhp9",
  "modified": "2026-04-01T18:32:01Z",
  "published": "2024-10-16T15:32:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49218"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/recently-viewed-most-viewed-and-sold-products-for-woocommerce/vulnerability/wordpress-recently-plugin-1-1-php-object-injection-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/recently-viewed-most-viewed-and-sold-products-for-woocommerce/wordpress-recently-plugin-1-1-php-object-injection-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MH9M-7C86-2WXJ

Vulnerability from github – Published: 2024-03-07 06:30 – Updated: 2024-08-12 21:31
VLAI
Details

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-28212"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-07T05:15:54Z",
    "severity": "CRITICAL"
  },
  "details": "nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.",
  "id": "GHSA-mh9m-7c86-2wxj",
  "modified": "2024-08-12T21:31:31Z",
  "published": "2024-03-07T06:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28212"
    },
    {
      "type": "WEB",
      "url": "https://cve.naver.com/detail/cve-2024-28212.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MHFC-H92X-3F8M

Vulnerability from github – Published: 2021-12-22 00:00 – Updated: 2021-12-28 00:01
VLAI
Details

Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36336"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-21T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system.",
  "id": "GHSA-mhfc-h92x-3f8m",
  "modified": "2021-12-28T00:01:16Z",
  "published": "2021-12-22T00:00:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36336"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/000193079"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MHJ4-VRCV-X4XC

Vulnerability from github – Published: 2024-06-10 15:31 – Updated: 2024-08-21 20:08
VLAI
Summary
nukeviet Deserialization of Untrusted Data vulnerability
Details

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "nukeviet/nukeviet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "4.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-36528"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-21T20:08:57Z",
    "nvd_published_at": "2024-06-10T15:15:52Z",
    "severity": "HIGH"
  },
  "details": "nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php.",
  "id": "GHSA-mhj4-vrcv-x4xc",
  "modified": "2024-08-21T20:08:57Z",
  "published": "2024-06-10T15:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36528"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nukeviet/nukeviet"
    },
    {
      "type": "WEB",
      "url": "https://mat4mee.notion.site/2-bug-chains-in-nukeViet-lead-to-RCE-bdd42b20b05a448fbe87c752b41bb15f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "nukeviet Deserialization of Untrusted Data vulnerability"
}

GHSA-MHR3-J7M5-C7C9

Vulnerability from github – Published: 2026-02-25 22:59 – Updated: 2026-02-25 22:59
VLAI
Summary
LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution
Details

Context

A Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to langgraph-checkpoint 4.0.0, BaseCache defaults to JsonPlusSerializer(pickle_fallback=True). When msgpack serialization fails, cached values can be deserialized via pickle.loads(...).

Who is affected?

Caching is not enabled by default. Applications are affected only when:

  • The application explicitly enables a cache backend (for example by passing cache=... to StateGraph.compile(...) or otherwise configuring a BaseCache implementation)
  • One or more nodes opt into caching via CachePolicy
  • The attacker can write to the cache backend (for example a network-accessible Redis instance with weak/no auth, shared cache infrastructure reachable by other tenants/services, or a writable SQLite cache file)

Example (enabling a cache backend and opting a node into caching):

from langgraph.cache.memory import InMemoryCache
from langgraph.graph import StateGraph
from langgraph.types import CachePolicy


def my_node(state: dict) -> dict:
    return {"value": state.get("value", 0) + 1}


builder = StateGraph(dict)
builder.add_node("my_node", my_node, cache_policy=CachePolicy(ttl=120))
builder.set_entry_point("my_node")

graph = builder.compile(cache=InMemoryCache())

result = graph.invoke({"value": 1})

With pickle_fallback=True, when msgpack serialization fails, JsonPlusSerializer can fall back to storing values as a ("pickle", <bytes>) tuple and later deserialize them via pickle.loads(...). If an attacker can place a malicious pickle payload into the cache backend such that the LangGraph process reads and deserializes it, this can lead to arbitrary code execution.

Exploitation requires attacker write access to the cache backend. The serializer is not exposed as a network-facing API.

This is fixed in langgraph-checkpoint>=4.0.0 by disabling pickle fallback by default (pickle_fallback=False).

Impact

Arbitrary code execution in the LangGraph process when attacker-controlled cache entries are deserialized.

Root Cause

  • BaseCache default serializer configuration inherited by cache implementations (InMemoryCache, RedisCache, SqliteCache):
  • libs/checkpoint/langgraph/cache/base/__init__.py (pre-fix default: JsonPlusSerializer(pickle_fallback=True))

  • JsonPlusSerializer deserialization sink:

  • libs/checkpoint/langgraph/checkpoint/serde/jsonplus.py
  • loads_typed(...) calls pickle.loads(data_) when type_ == "pickle" and pickle fallback is enabled

Attack preconditions

An attacker must be able to write attacker-controlled bytes into the cache backend such that the LangGraph process later reads and deserializes them.

This typically requires write access to a networked cache (for example a network-accessible Redis instance with weak/no auth or shared cache infrastructure reachable by other tenants/services) or write access to local cache storage (for example a writable SQLite cache file via permissive file permissions or a shared writable volume).

Because exploitation requires write access to the cache storage layer, this is a post-compromise / post-access escalation vector.

Remediation

  • Upgrade to langgraph-checkpoint>=4.0.0.

Resources

  • ZDI-CAN-28385
  • Patch: https://github.com/langchain-ai/langgraph/pull/6677
  • Patch diff: https://patch-diff.githubusercontent.com/raw/langchain-ai/langgraph/pull/6677.patch
  • Credit: Peter Girnus (@gothburz), Demeng Chen, and Brandon Niemczyk (Trend Micro Zero Day Initiative)
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "langgraph-checkpoint"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27794"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-25T22:59:12Z",
    "nvd_published_at": "2026-02-25T18:23:40Z",
    "severity": "MODERATE"
  },
  "details": "## Context\n\nA Remote Code Execution vulnerability exists in LangGraph\u0027s caching layer when applications enable cache backends that inherit from `BaseCache` and opt nodes into caching via `CachePolicy`. Prior to `langgraph-checkpoint` 4.0.0, `BaseCache` defaults to `JsonPlusSerializer(pickle_fallback=True)`. When msgpack serialization fails, cached values can be deserialized via `pickle.loads(...)`.\n\n### Who is affected?\n\nCaching is not enabled by default. Applications are affected only when:\n\n- The application explicitly enables a cache backend (for example by passing `cache=...` to `StateGraph.compile(...)` or otherwise configuring a `BaseCache` implementation)\n- One or more nodes opt into caching via `CachePolicy`\n- The attacker can write to the cache backend (for example a network-accessible Redis instance with weak/no auth, shared cache infrastructure reachable by other tenants/services, or a writable SQLite cache file)\n\nExample (enabling a cache backend and opting a node into caching):\n\n```py\nfrom langgraph.cache.memory import InMemoryCache\nfrom langgraph.graph import StateGraph\nfrom langgraph.types import CachePolicy\n\n\ndef my_node(state: dict) -\u003e dict:\n    return {\"value\": state.get(\"value\", 0) + 1}\n\n\nbuilder = StateGraph(dict)\nbuilder.add_node(\"my_node\", my_node, cache_policy=CachePolicy(ttl=120))\nbuilder.set_entry_point(\"my_node\")\n\ngraph = builder.compile(cache=InMemoryCache())\n\nresult = graph.invoke({\"value\": 1})\n```\n\nWith `pickle_fallback=True`, when msgpack serialization fails, `JsonPlusSerializer` can fall back to storing values as a `(\"pickle\", \u003cbytes\u003e)` tuple and later deserialize them via `pickle.loads(...)`. If an attacker can place a malicious pickle payload into the cache backend such that the LangGraph process reads and deserializes it, this can lead to arbitrary code execution.\n\nExploitation requires attacker write access to the cache backend. The serializer is not exposed as a network-facing API.\n\nThis is fixed in `langgraph-checkpoint\u003e=4.0.0` by disabling pickle fallback by default (`pickle_fallback=False`).\n\n## Impact\n\nArbitrary code execution in the LangGraph process when attacker-controlled cache entries are deserialized.\n\n## Root Cause\n\n- `BaseCache` default serializer configuration inherited by cache implementations (`InMemoryCache`, `RedisCache`, `SqliteCache`):\n  - `libs/checkpoint/langgraph/cache/base/__init__.py` (pre-fix default: `JsonPlusSerializer(pickle_fallback=True)`)\n\n- `JsonPlusSerializer` deserialization sink:\n  - `libs/checkpoint/langgraph/checkpoint/serde/jsonplus.py`\n  - `loads_typed(...)` calls `pickle.loads(data_)` when `type_ == \"pickle\"` and pickle fallback is enabled\n\n## Attack preconditions\n\nAn attacker must be able to write attacker-controlled bytes into the cache backend such that the LangGraph process later reads and deserializes them.\n\nThis typically requires write access to a networked cache (for example a network-accessible Redis instance with weak/no auth or shared cache infrastructure reachable by other tenants/services) or write access to local cache storage (for example a writable SQLite cache file via permissive file permissions or a shared writable volume).\n\nBecause exploitation requires write access to the cache storage layer, this is a post-compromise / post-access escalation vector.\n\n## Remediation\n\n- Upgrade to `langgraph-checkpoint\u003e=4.0.0`.\n\n## Resources\n\n- ZDI-CAN-28385\n- Patch: https://github.com/langchain-ai/langgraph/pull/6677\n- Patch diff: https://patch-diff.githubusercontent.com/raw/langchain-ai/langgraph/pull/6677.patch\n- Credit: Peter Girnus (@gothburz), Demeng Chen, and Brandon Niemczyk (Trend Micro Zero Day Initiative)",
  "id": "GHSA-mhr3-j7m5-c7c9",
  "modified": "2026-02-25T22:59:12Z",
  "published": "2026-02-25T22:59:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/langchain-ai/langgraph/security/advisories/GHSA-mhr3-j7m5-c7c9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27794"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langchain-ai/langgraph/pull/6677"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langchain-ai/langgraph/commit/f91d79d0c86932ded6e3b9f195d5a0bbd5aef99c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/langchain-ai/langgraph"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langchain-ai/langgraph/releases/tag/checkpoint%3D%3D4.0.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution "
}

GHSA-MJ46-R4GR-5X83

Vulnerability from github – Published: 2022-06-03 22:32 – Updated: 2022-06-06 18:59
VLAI
Summary
Unsanitized JavaScript code injection possible in gatsby-plugin-mdx
Details

Impact

The gatsby-plugin-mdx plugin prior to versions 3.15.2 and 2.14.1 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present when passing input in both webpack (MDX files in src/pages or MDX file imported as component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Injected JavaScript executes in the context of the build server.

To exploit this vulnerability untrusted/unsanitized input would need to be sourced or added into an MDX file. The following MDX payload demonstrates a vulnerable configuration:

---js
((require("child_process")).execSync("id >> /tmp/rce"))
--- 

Patches

A patch has been introduced in gatsby-plugin-mdx@3.15.2 and gatsby-plugin-mdx@2.14.1 which mitigates the issue by disabling the gray-matter JavaScript Frontmatter engine. The patch introduces a new option, JSFrontmatterEngine which is set to false by default. When setting JSFrontmatterEngine to true, input passed to gatsby-plugin-mdx must be sanitized before processing to avoid a security risk. Warnings are displayed when enabling JSFrontmatterEngine to true or if it appears that the MDX input is attempting to use the Frontmatter engine.

Workarounds

If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing.

We encourage projects to upgrade to the latest major release branch for all Gatsby plugins to ensure the latest security updates and bug fixes are received in a timely manner.

Credits

We would like to thank Snyk [snyk.io] for initially bringing the issue to our attention, as well as Feng Xiao and Zhongfu Su, who reported the issue to Snyk.

For more information

Email us at security@gatsbyjs.com.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "gatsby-plugin-mdx"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.14.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "gatsby-plugin-mdx"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.15.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-25863"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-03T22:32:06Z",
    "nvd_published_at": "2022-06-10T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe gatsby-plugin-mdx plugin prior to versions 3.15.2 and 2.14.1 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized.  The vulnerability is present when passing input in both webpack (MDX files in `src/pages` or MDX file imported as component in frontend / React code) and data mode (querying MDX nodes via GraphQL).  Injected JavaScript executes in the context of the build server.\n\nTo exploit this vulnerability untrusted/unsanitized input would need to be sourced or added into an MDX file.  The following MDX payload demonstrates a vulnerable configuration:\n```\n---js\n((require(\"child_process\")).execSync(\"id \u003e\u003e /tmp/rce\"))\n--- \n```\n\n### Patches\nA patch has been introduced in `gatsby-plugin-mdx@3.15.2` and `gatsby-plugin-mdx@2.14.1` which mitigates the issue by disabling the `gray-matter` JavaScript Frontmatter engine.  The patch introduces a new option, `JSFrontmatterEngine` which is set to `false` by default.  When setting `JSFrontmatterEngine` to `true`, input passed to `gatsby-plugin-mdx` must be sanitized before processing to avoid a security risk.  Warnings are displayed when enabling `JSFrontmatterEngine` to `true` or if it appears that the MDX input is attempting to use the Frontmatter engine.\n\n### Workarounds\nIf an older version of `gatsby-plugin-mdx` must be used, input passed into the plugin should be sanitized ahead of processing.\n\n**We encourage projects to upgrade to the latest major release branch for all Gatsby plugins to ensure the latest security updates and bug fixes are received in a timely manner.**\n\n### Credits\nWe would like to thank Snyk [snyk.io] for initially bringing the issue to our attention, as well as Feng Xiao and Zhongfu Su, who reported the issue to Snyk.\n\n### For more information\nEmail us at [security@gatsbyjs.com](mailto:security@gatsbyjs.com).\n",
  "id": "GHSA-mj46-r4gr-5x83",
  "modified": "2022-06-06T18:59:37Z",
  "published": "2022-06-03T22:32:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/gatsbyjs/gatsby/security/advisories/GHSA-mj46-r4gr-5x83"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25863"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gatsbyjs/gatsby/pull/35830"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/gatsbyjs/gatsby"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Unsanitized JavaScript code injection possible in gatsby-plugin-mdx"
}

GHSA-MJ6J-XRJ4-V396

Vulnerability from github – Published: 2025-08-14 12:30 – Updated: 2026-04-01 18:35
VLAI
Details

Deserialization of Untrusted Data vulnerability in keywordrush Content Egg allows Object Injection. This issue affects Content Egg: from n/a through 7.0.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47536"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-14T11:15:34Z",
    "severity": "HIGH"
  },
  "details": "Deserialization of Untrusted Data vulnerability in keywordrush Content Egg allows Object Injection. This issue affects Content Egg: from n/a through 7.0.0.",
  "id": "GHSA-mj6j-xrj4-v396",
  "modified": "2026-04-01T18:35:49Z",
  "published": "2025-08-14T12:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47536"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/content-egg/vulnerability/wordpress-content-egg-7-0-0-php-object-injection-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.

Mitigation
Implementation

When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.

Mitigation
Implementation

Explicitly define a final object() to prevent deserialization.

Mitigation
Architecture and Design Implementation
  • Make fields transient to protect them from deserialization.
  • An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Mitigation
Implementation

Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.

Mitigation
Architecture and Design Implementation

Employ cryptography of the data or code for protection. However, it's important to note that it would still be client-side security. This is risky because if the client is compromised then the security implemented on the client (the cryptography) can be bypassed.

Mitigation MIT-29
Operation

Strategy: Firewall

Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].

CAPEC-586: Object Injection

An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.