CWE-670
Allowed-with-ReviewAlways-Incorrect Control Flow Implementation
Abstraction: Class · Status: Draft
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.
203 vulnerabilities reference this CWE, most recent first.
GHSA-9WX4-H78V-VM56
Vulnerability from github – Published: 2024-05-20 20:15 – Updated: 2026-01-16 00:02When using a requests.Session, if the first request to a given origin is made with verify=False, TLS certificate verification may remain disabled for all subsequent requests to that origin, even if verify=True is explicitly specified later.
This occurs because the underlying connection is reused from the session's connection pool, causing the initial TLS verification setting to persist for the lifetime of the pooled connection. As a result, applications may unintentionally send requests without certificate verification, leading to potential man-in-the-middle attacks and compromised confidentiality or integrity.
This behavior affects versions of requests prior to 2.32.0.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "requests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.32.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-35195"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-20T20:15:00Z",
"nvd_published_at": "2024-05-20T21:15:09Z",
"severity": "MODERATE"
},
"details": "When using a `requests.Session`, if the first request to a given origin is made with `verify=False`, TLS certificate verification may remain disabled for all subsequent requests to that origin, even if `verify=True` is explicitly specified later.\n\nThis occurs because the underlying connection is reused from the session\u0027s connection pool, causing the initial TLS verification setting to persist for the lifetime of the pooled connection. As a result, applications may unintentionally send requests without certificate verification, leading to potential man-in-the-middle attacks and compromised confidentiality or integrity.\n\nThis behavior affects versions of `requests` prior to 2.32.0.",
"id": "GHSA-9wx4-h78v-vm56",
"modified": "2026-01-16T00:02:49Z",
"published": "2024-05-20T20:15:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35195"
},
{
"type": "WEB",
"url": "https://github.com/psf/requests/pull/6655"
},
{
"type": "WEB",
"url": "https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac"
},
{
"type": "PACKAGE",
"url": "https://github.com/psf/requests"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Requests `Session` object does not verify requests after making first request with verify=False"
}
GHSA-C6H7-X3G7-8H2P
Vulnerability from github – Published: 2022-05-13 01:40 – Updated: 2022-05-13 01:40An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589.
{
"affected": [],
"aliases": [
"CVE-2017-0604"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-12T15:29:00Z",
"severity": "HIGH"
},
"details": "An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589.",
"id": "GHSA-c6h7-x3g7-8h2p",
"modified": "2022-05-13T01:40:19Z",
"published": "2022-05-13T01:40:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0604"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-05-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98151"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CQGM-MQMR-PX3P
Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2024-04-04 02:50Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.
{
"affected": [],
"aliases": [
"CVE-2020-5753"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-670"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-20T14:15:00Z",
"severity": "MODERATE"
},
"details": "Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim\u0027s Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.",
"id": "GHSA-cqgm-mqmr-px3p",
"modified": "2024-04-04T02:50:52Z",
"published": "2022-05-24T17:18:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5753"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2020-33"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-F3Q6-69F3-VWCH
Vulnerability from github – Published: 2026-04-20 06:31 – Updated: 2026-04-23 14:29A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "fschat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.2.36"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-6608"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-23T14:29:57Z",
"nvd_published_at": "2026-04-20T06:16:21Z",
"severity": "MODERATE"
},
"details": "A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.",
"id": "GHSA-f3q6-69f3-vwch",
"modified": "2026-04-23T14:29:57Z",
"published": "2026-04-20T06:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6608"
},
{
"type": "WEB",
"url": "https://github.com/lm-sys/FastChat/issues/3834"
},
{
"type": "WEB",
"url": "https://gist.github.com/YLChen-007/e45039d23e698222d887ee09735d9d36"
},
{
"type": "PACKAGE",
"url": "https://github.com/lm-sys/FastChat"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/792228"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/358243"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/358243/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "FastChat has a Content Moderation Bypass via Arena Side-by-Side Views"
}
GHSA-F6C7-FJ8H-5898
Vulnerability from github – Published: 2026-04-02 18:31 – Updated: 2026-04-02 18:31OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
{
"affected": [],
"aliases": [
"CVE-2026-35414"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-02T18:16:34Z",
"severity": "MODERATE"
},
"details": "OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.",
"id": "GHSA-f6c7-fj8h-5898",
"modified": "2026-04-02T18:31:39Z",
"published": "2026-04-02T18:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35414"
},
{
"type": "WEB",
"url": "https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2"
},
{
"type": "WEB",
"url": "https://www.openssh.org/releasenotes.html#10.3p1"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2026/04/02/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-F6J9-3MCJ-W64V
Vulnerability from github – Published: 2022-05-06 00:00 – Updated: 2022-05-14 00:01On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Session Awareness, and the "Use APM Username and Session ID" option is enabled, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
{
"affected": [],
"aliases": [
"CVE-2022-26890"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-05T17:15:00Z",
"severity": "HIGH"
},
"details": "On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Session Awareness, and the \"Use APM Username and Session ID\" option is enabled, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
"id": "GHSA-f6j9-3mcj-w64v",
"modified": "2022-05-14T00:01:37Z",
"published": "2022-05-06T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26890"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K03442392"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F854-HPXV-CW9R
Vulnerability from github – Published: 2022-01-06 18:30 – Updated: 2022-01-06 20:21Impact
In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx.
User funds and balances are safe.
Patches
This problem has been patched in Cronos v0.6.5 on the mempool level. The next network upgrade with consensus-breaking changes will patch it on the consensus level.
Workarounds
There are no tested workarounds. All validator node operators are recommended to upgrade to Cronos v0.6.5 at their earliest possible convenience.
Credits
Thank you to @zb3 for reporting this issue on Cronos Immunefi Bug Bounty Program, to @cyril-crypto for reproducing the issue and to @yihuang and @thomas-nguy for patching the issue on the CheckTx (mempool) and the DeliverTx (consensus) levels.
For more information
If you have any questions or comments about this advisory: * Open a discussion in crypto-org-chain/cronos * Email us at chain@crypto.org
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/crypto-org-chain/cronos"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/tharsis/ethermint"
},
"ranges": [
{
"events": [
{
"introduced": "0.8.0"
},
{
"fixed": "0.10.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/tharsis/evmos"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/tharsis/ethermint"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-43839"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-04T22:40:01Z",
"nvd_published_at": "2021-12-21T17:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nIn Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK\u0027s FeeCollector for the current block by sending a custom crafted MsgEthereumTx.\n\nUser funds and balances are safe.\n\n\n### Patches\nThis problem has been patched in Cronos v0.6.5 on the mempool level.\nThe next network upgrade with consensus-breaking changes will patch it on the consensus level.\n\n### Workarounds\nThere are no tested workarounds. All validator node operators are recommended to upgrade to Cronos v0.6.5 at their earliest possible convenience.\n\n### Credits\nThank you to @zb3 for reporting this issue on [Cronos Immunefi Bug Bounty Program](https://immunefi.com/bounty/cronos/), to @cyril-crypto for reproducing the issue and to @yihuang and @thomas-nguy for patching the issue on the CheckTx (mempool) and the DeliverTx (consensus) levels.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open a discussion in [crypto-org-chain/cronos](https://github.com/crypto-org-chain/cronos/discussions/new)\n* Email us at [chain@crypto.org](mailto:chain@crypto.org)\n",
"id": "GHSA-f854-hpxv-cw9r",
"modified": "2022-01-06T20:21:28Z",
"published": "2022-01-06T18:30:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/crypto-org-chain/cronos/security/advisories/GHSA-f854-hpxv-cw9r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43839"
},
{
"type": "WEB",
"url": "https://github.com/crypto-org-chain/cronos/pull/270"
},
{
"type": "WEB",
"url": "https://github.com/crypto-org-chain/cronos/commit/150ef237b37ac28c8136e1c0f494932860b9ebe8"
},
{
"type": "WEB",
"url": "https://github.com/crypto-org-chain/cronos"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Drainage of FeeCollector\u0027s Block Transaction Fees in cronos"
}
GHSA-FCV6-FG5R-JM9Q
Vulnerability from github – Published: 2023-09-04 22:40 – Updated: 2023-09-04 22:40Impact
A Parse Pointer can be used to access internal Parse Server classes. It can also be used to circumvent the beforeFind query trigger which can be an additional vulnerability for deployments where the beforeFind trigger is used as a security layer to modify an incoming query.
Patches
The vulnerability was fixed by implementing a patch in the internal query pipeline to prevent a Parse Pointer to be used to access internal Parse Server classes or circumvent the beforeFind trigger.
Workarounds
There is no known workaround to prevent a Parse Pointer to be used to access internal Parse Server classes. A workaround if a beforeFind trigger is used as a security layer is to instead use the Parse Server provided security layers to manage access levels with Class-Level Permissions and Object-Level Access Control.
References
- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q
- Patched in Parse Server 6.x: https://github.com/parse-community/parse-server/releases/tag/6.2.2
- Patched in Parse Server 5.x (LTS): https://github.com/parse-community/parse-server/releases/tag/5.5.5
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "5.5.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-41058"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": true,
"github_reviewed_at": "2023-09-04T22:40:41Z",
"nvd_published_at": "2023-09-04T23:15:47Z",
"severity": "HIGH"
},
"details": "### Impact\n\nA Parse Pointer can be used to access internal Parse Server classes. It can also be used to circumvent the `beforeFind` query trigger which can be an additional vulnerability for deployments where the `beforeFind` trigger is used as a security layer to modify an incoming query.\n\n### Patches\n\nThe vulnerability was fixed by implementing a patch in the internal query pipeline to prevent a Parse Pointer to be used to access internal Parse Server classes or circumvent the `beforeFind` trigger.\n\n### Workarounds\n\nThere is no known workaround to prevent a Parse Pointer to be used to access internal Parse Server classes. A workaround if a `beforeFind` trigger is used as a security layer is to instead use the Parse Server provided [security layers](https://docs.parseplatform.org/parse-server/guide/#security) to manage access levels with Class-Level Permissions and Object-Level Access Control.\n\n### References\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q\n- Patched in Parse Server 6.x: https://github.com/parse-community/parse-server/releases/tag/6.2.2\n- Patched in Parse Server 5.x (LTS): https://github.com/parse-community/parse-server/releases/tag/5.5.5",
"id": "GHSA-fcv6-fg5r-jm9q",
"modified": "2023-09-04T22:40:41Z",
"published": "2023-09-04T22:40:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41058"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/commit/be4c7e23c63a2fb690685665cebed0de26be05c5"
},
{
"type": "WEB",
"url": "https://docs.parseplatform.org/parse-server/guide/#security"
},
{
"type": "PACKAGE",
"url": "https://github.com/parse-community/parse-server"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/releases/tag/5.5.5"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/releases/tag/6.2.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer"
}
GHSA-FM7H-C3R4-XQH6
Vulnerability from github – Published: 2025-10-02 21:31 – Updated: 2025-10-02 21:31SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic.
{
"affected": [],
"aliases": [
"CVE-2025-32942"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-02T19:15:30Z",
"severity": "HIGH"
},
"details": "SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user\u0027s session traffic.",
"id": "GHSA-fm7h-c3r4-xqh6",
"modified": "2025-10-02T21:31:19Z",
"published": "2025-10-02T21:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32942"
},
{
"type": "WEB",
"url": "https://info.ssh.com/tectia-vulnerability-cve-2025-32942"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-FV86-4V9Q-H758
Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32WinZip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of archive files. When opening an archive that bears the Mark-of-the-Web, WinZip removes the Mark-of-the-Web from the archive file. Following extraction, the extracted files also lack the Mark-of-the-Web. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23983.
{
"affected": [],
"aliases": [
"CVE-2024-8811"
],
"database_specific": {
"cwe_ids": [
"CWE-670",
"CWE-693"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-22T21:15:19Z",
"severity": "HIGH"
},
"details": "WinZip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of archive files. When opening an archive that bears the Mark-of-the-Web, WinZip removes the Mark-of-the-Web from the archive file. Following extraction, the extracted files also lack the Mark-of-the-Web. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23983.",
"id": "GHSA-fv86-4v9q-h758",
"modified": "2024-11-22T21:32:19Z",
"published": "2024-11-22T21:32:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8811"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1234"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.