Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1252 vulnerabilities reference this CWE, most recent first.

GHSA-J9C9-QJ2X-X3FC

Vulnerability from github – Published: 2023-09-18 21:30 – Updated: 2024-04-04 07:43
VLAI
Details

An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39043"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-18T21:15:55Z",
    "severity": "MODERATE"
  },
  "details": "An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.",
  "id": "GHSA-j9c9-qj2x-x3fc",
  "modified": "2024-04-04T07:43:26Z",
  "published": "2023-09-18T21:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39043"
    },
    {
      "type": "WEB",
      "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39043.md"
    },
    {
      "type": "WEB",
      "url": "http://tokushimaawayokocho.com"
    },
    {
      "type": "WEB",
      "url": "http://ykc.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J9HF-98C3-WRM8

Vulnerability from github – Published: 2024-06-04 18:12 – Updated: 2025-06-27 22:08
VLAI
Summary
malicious container creates symlink "mtab" on the host External
Details

Impact

A malicious container can affect the host by taking advantage of code cri-o added to show the container mounts on the host.

A workload built from this Dockerfile:

FROM docker.io/library/busybox as source
RUN mkdir /extra && cd /extra && ln -s ../../../../../../../../root etc

FROM scratch

COPY --from=source /bin /bin
COPY --from=source /lib /lib
COPY --from=source /extra .

and this container config:

{
  "metadata": {
      "name": "busybox"
  },
  "image":{
      "image": "localhost/test"
  },
  "command": [
      "/bin/true"
  ],
  "linux": {
  }
}


and this sandbox config

{
  "metadata": {
    "name": "test-sandbox",
    "namespace": "default",
    "attempt": 1,
    "uid": "edishd83djaideaduwk28bcsb"
  },
  "linux": {
    "security_context": {
      "namespace_options": {
        "network": 2
      }
    }
  }
}

will create a file on host /host/mtab

Patches

1.30.1, 1.29.5, 1.28.7

Workarounds

Unfortunately not

References

Are there any links users can visit to find out more?

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cri-o/cri-o"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.28.6"
            },
            {
              "fixed": "1.28.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cri-o/cri-o"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.29.4"
            },
            {
              "fixed": "1.29.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cri-o/cri-o"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.30.0"
            },
            {
              "fixed": "1.30.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-5154"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-04T18:12:31Z",
    "nvd_published_at": "2024-06-12T09:15:19Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nA malicious container can affect the host by taking advantage of code cri-o added to show the container mounts on the host.\n\nA workload built from this Dockerfile:\n```\nFROM docker.io/library/busybox as source\nRUN mkdir /extra \u0026\u0026 cd /extra \u0026\u0026 ln -s ../../../../../../../../root etc\n\nFROM scratch\n\nCOPY --from=source /bin /bin\nCOPY --from=source /lib /lib\nCOPY --from=source /extra .\n\n```\n\nand this container config:\n\n```\n{\n  \"metadata\": {\n      \"name\": \"busybox\"\n  },\n  \"image\":{\n      \"image\": \"localhost/test\"\n  },\n  \"command\": [\n      \"/bin/true\"\n  ],\n  \"linux\": {\n  }\n}\n\n\n```\nand this sandbox config  \n```\n{\n  \"metadata\": {\n    \"name\": \"test-sandbox\",\n    \"namespace\": \"default\",\n    \"attempt\": 1,\n    \"uid\": \"edishd83djaideaduwk28bcsb\"\n  },\n  \"linux\": {\n    \"security_context\": {\n      \"namespace_options\": {\n        \"network\": 2\n      }\n    }\n  }\n}\n\n```\n\nwill create a file on host `/host/mtab`\n\n### Patches\n1.30.1, 1.29.5, 1.28.7\n\n### Workarounds\nUnfortunately not\n\n### References\n_Are there any links users can visit to find out more?_",
  "id": "GHSA-j9hf-98c3-wrm8",
  "modified": "2025-06-27T22:08:30Z",
  "published": "2024-06-04T18:12:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5154"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:10818"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:3676"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:3700"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:4008"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:4159"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:4486"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-5154"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280190"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cri-o/cri-o"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2024-2919"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "malicious container creates symlink \"mtab\" on the host External"
}

GHSA-J9J7-WV39-5XC4

Vulnerability from github – Published: 2021-12-21 00:00 – Updated: 2023-08-08 15:31
VLAI
Details

Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-44676"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-20T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.",
  "id": "GHSA-j9j7-wv39-5xc4",
  "modified": "2023-08-08T15:31:26Z",
  "published": "2021-12-21T00:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44676"
    },
    {
      "type": "WEB",
      "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-access-manager-plus-build-4202-and-prior"
    },
    {
      "type": "WEB",
      "url": "https://www.manageengine.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J9RC-2HV9-V5V8

Vulnerability from github – Published: 2022-09-14 00:00 – Updated: 2025-11-04 18:30
VLAI
Details

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use opendir() as root directly without checking the path, letting the attacker provide an arbitrary path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-37703"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-13T20:15:00Z",
    "severity": "LOW"
  },
  "details": "In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.",
  "id": "GHSA-j9rc-2hv9-v5v8",
  "modified": "2025-11-04T18:30:39Z",
  "published": "2022-09-14T00:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37703"
    },
    {
      "type": "WEB",
      "url": "https://bugs.gentoo.org/870037"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MaherAzzouzi/CVE-2022-37703"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2"
    },
    {
      "type": "WEB",
      "url": "http://www.amanda.org"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JC66-9QCW-88HP

Vulnerability from github – Published: 2024-02-26 18:30 – Updated: 2024-04-17 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

HID: usbhid: fix info leak in hid_submit_ctrl

In hid_submit_ctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. When running the syzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to calculate transfer_buffer_length as 16384. When this urb is passed to the usb core layer, KMSAN reports an info leak of 16384 bytes.

To fix this, first modify hid_report_len() to account for the zero report size case by using DIV_ROUND_UP for the division. Then, call it from hid_submit_ctrl().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46906"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-26T18:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: usbhid: fix info leak in hid_submit_ctrl\n\nIn hid_submit_ctrl(), the way of calculating the report length doesn\u0027t\ntake into account that report-\u003esize can be zero. When running the\nsyzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to\ncalculate transfer_buffer_length as 16384. When this urb is passed to\nthe usb core layer, KMSAN reports an info leak of 16384 bytes.\n\nTo fix this, first modify hid_report_len() to account for the zero\nreport size case by using DIV_ROUND_UP for the division. Then, call it\nfrom hid_submit_ctrl().",
  "id": "GHSA-jc66-9qcw-88hp",
  "modified": "2024-04-17T18:31:31Z",
  "published": "2024-02-26T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46906"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0e280502be1b003c3483ae03fc60dea554fcfa82"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/21883bff0fd854e07429a773ff18f1e9658f50e8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/41b1e71a2c57366b08dcca1a28b0d45ca69429ce"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6be388f4a35d2ce5ef7dbf635a8964a5da7f799f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7f5a4b24cdbd7372770a02f23e347d7d9a9ac8f1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8c064eece9a51856f3f275104520c7e3017fc5c0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b1e3596416d74ce95cc0b7b38472329a3818f8a9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c5d3c142f2d57d40c55e65d5622d319125a45366"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JCXM-CFV5-GP8J

Vulnerability from github – Published: 2024-01-09 18:30 – Updated: 2024-01-09 18:30
VLAI
Details

Windows CoreMessaging Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20694"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668",
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-09T18:15:52Z",
    "severity": "MODERATE"
  },
  "details": "Windows CoreMessaging Information Disclosure  Vulnerability",
  "id": "GHSA-jcxm-cfv5-gp8j",
  "modified": "2024-01-09T18:30:29Z",
  "published": "2024-01-09T18:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20694"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20694"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JF2P-4GQJ-849G

Vulnerability from github – Published: 2022-11-28 22:09 – Updated: 2024-09-26 14:24
VLAI
Summary
Temporary File Information Disclosure vulnerability in MPXJ
Details

Impact

On Unix-like operating systems (not Windows or macos), MPXJ's use of File.createTempFile(..) results in temporary files being created with the permissions -rw-r--r--. This means that any other user on the system can read the contents of this file. When MPXJ is reading a type of schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ.

Patches

The problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes.

Workarounds

Setting java.io.tmpdir to a directory to which only the user running the application has access will prevent other users from accessing these temporary files.

For more information

If you have any questions or comments about this advisory * Open an issue in https://github.com/joniles/mpxj

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "net.sf.mpxj:mpxj"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.14.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "net.sf.mpxj"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.14.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "net.sf.mpxj-for-csharp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.14.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "net.sf.mpxj-for-vb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.14.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "mpxj"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.14.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-41954"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-28T22:09:09Z",
    "nvd_published_at": "2022-11-25T19:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\nOn Unix-like operating systems (not Windows or macos), MPXJ\u0027s use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a type of schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ.\n\n### Patches\nThe problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes.\n\n### Workarounds\nSetting `java.io.tmpdir` to a directory to which only the user running the application has access will prevent other users from accessing these temporary files.\n\n### For more information\nIf you have any questions or comments about this advisory\n* Open an issue in https://github.com/joniles/mpxj\n",
  "id": "GHSA-jf2p-4gqj-849g",
  "modified": "2024-09-26T14:24:09Z",
  "published": "2022-11-28T22:09:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/joniles/mpxj/security/advisories/GHSA-jf2p-4gqj-849g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41954"
    },
    {
      "type": "WEB",
      "url": "https://github.com/joniles/mpxj/commit/287ad0234213c52b0638565e14bd9cf3ed44cedd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/joniles/mpxj/commit/ae0af24345d79ad45705265d9927fe55e94a5721"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/joniles/mpxj"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mpxj/PYSEC-2022-42996.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Temporary File Information Disclosure vulnerability in MPXJ"
}

GHSA-JFJP-C9JG-CQCX

Vulnerability from github – Published: 2023-04-11 21:31 – Updated: 2024-04-04 03:24
VLAI
Details

Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users outlets.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25409"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-11T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users outlets.",
  "id": "GHSA-jfjp-c9jg-cqcx",
  "modified": "2024-04-04T03:24:54Z",
  "published": "2023-04-11T21:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25409"
    },
    {
      "type": "WEB",
      "url": "https://www.pentagrid.ch/en/blog/multiple-vulnerabilities-in-aten-PE8108-power-distribution-unit"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JFQG-HF23-QPW2

Vulnerability from github – Published: 2026-04-03 02:46 – Updated: 2026-04-06 23:11
VLAI
Summary
Electron: Context Isolation bypass via contextBridge VideoFrame transfer
Details

Impact

Apps that pass VideoFrame objects (from the WebCodecs API) across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world (for example, via XSS) can use a bridged VideoFrame to gain access to the isolated world, including any Node.js APIs exposed to the preload script.

Apps are only affected if a preload script returns, resolves, or passes a VideoFrame object to the main world via contextBridge.exposeInMainWorld(). Apps that do not bridge VideoFrame objects are not affected.

Workarounds

Do not pass VideoFrame objects across contextBridge. If an app needs to transfer video frame data, serialize it to an ArrayBuffer or ImageBitmap before bridging.

Fixed Versions

  • 41.0.0-beta.8
  • 40.7.0
  • 39.8.0

For more information

If there are any questions or comments about this advisory, please email security@electronjs.org

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "39.0.0-alpha.1"
            },
            {
              "fixed": "39.8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "40.0.0-alpha.1"
            },
            {
              "fixed": "40.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "41.0.0-alpha.1"
            },
            {
              "fixed": "41.0.0-beta.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34780"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-03T02:46:56Z",
    "nvd_published_at": "2026-04-04T01:16:39Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nApps that pass `VideoFrame` objects (from the WebCodecs API) across the `contextBridge` are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world (for example, via XSS) can use a bridged `VideoFrame` to gain access to the isolated world, including any Node.js APIs exposed to the preload script.\n\nApps are only affected if a preload script returns, resolves, or passes a `VideoFrame` object to the main world via `contextBridge.exposeInMainWorld()`. Apps that do not bridge `VideoFrame` objects are not affected.\n\n### Workarounds\nDo not pass `VideoFrame` objects across `contextBridge`. If an app needs to transfer video frame data, serialize it to an `ArrayBuffer` or `ImageBitmap` before bridging.\n\n### Fixed Versions\n* `41.0.0-beta.8`\n* `40.7.0`\n* `39.8.0`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)",
  "id": "GHSA-jfqg-hf23-qpw2",
  "modified": "2026-04-06T23:11:50Z",
  "published": "2026-04-03T02:46:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/electron/electron/security/advisories/GHSA-jfqg-hf23-qpw2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34780"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/electron/electron"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Electron: Context Isolation bypass via contextBridge VideoFrame transfer"
}

GHSA-JGWP-H4GX-XM93

Vulnerability from github – Published: 2022-11-02 19:00 – Updated: 2022-11-04 19:01
VLAI
Details

A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-45446"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281",
      "CWE-548",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-02T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.",
  "id": "GHSA-jgwp-h4gx-xm93",
  "modified": "2022-11-04T19:01:17Z",
  "published": "2022-11-02T19:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45446"
    },
    {
      "type": "WEB",
      "url": "https://support.pentaho.com/hc/en-us/articles/6744813983501"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.