CWE-75
DiscouragedFailure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Abstraction: Class · Status: Draft
The product does not adequately filter user-controlled input for special elements with control implications.
59 vulnerabilities reference this CWE, most recent first.
CVE-2023-0302 (GCVE-0-2023-0302)
Vulnerability from cvelistv5 – Published: 2023-01-15 00:00 – Updated: 2025-04-07 17:47- CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
| Vendor | Product | Version | |
|---|---|---|---|
| radareorg | radareorg/radare2 |
Affected:
unspecified , < 5.8.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:54.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/583133af-7ae6-4a21-beef-a4b0182cf82e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/radareorg/radare2/commit/961f0e723903011d4f54c2396e44efa91fcc74ce"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0302",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T17:47:04.226641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T17:47:12.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "radareorg/radare2",
"vendor": "radareorg",
"versions": [
{
"lessThan": "5.8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-75",
"description": "CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-15T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/583133af-7ae6-4a21-beef-a4b0182cf82e"
},
{
"url": "https://github.com/radareorg/radare2/commit/961f0e723903011d4f54c2396e44efa91fcc74ce"
}
],
"source": {
"advisory": "583133af-7ae6-4a21-beef-a4b0182cf82e",
"discovery": "EXTERNAL"
},
"title": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in radareorg/radare2"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0302",
"datePublished": "2023-01-15T00:00:00.000Z",
"dateReserved": "2023-01-15T00:00:00.000Z",
"dateUpdated": "2025-04-07T17:47:12.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24039 (GCVE-0-2022-24039)
Vulnerability from cvelistv5 – Published: 2022-05-10 09:46 – Updated: 2024-08-03 03:59- CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Desigo PXC4 |
Affected:
All versions < V02.20.142.10-10884
|
|
| Siemens | Desigo PXC5 |
Affected:
All versions < V02.20.142.10-10884
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Desigo PXC4",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V02.20.142.10-10884"
}
]
},
{
"product": "Desigo PXC5",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V02.20.142.10-10884"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Desigo PXC4 (All versions \u003c V02.20.142.10-10884), Desigo PXC5 (All versions \u003c V02.20.142.10-10884). The \u201caddCell\u201d JavaScript function fails to properly sanitize user-controllable input before including it into the generated XML body of the XLS report document, such that it is possible to inject arbitrary content (e.g., XML tags) into the generated file. An attacker with restricted privileges, by poisoning any of the content used to generate XLS reports, could be able to leverage the application to deliver malicious files against higher-privileged users and obtain Remote Code Execution (RCE) against the administrator\u2019s workstation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-75",
"description": "CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T09:21:29.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-24039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Desigo PXC4",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V02.20.142.10-10884"
}
]
}
},
{
"product_name": "Desigo PXC5",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V02.20.142.10-10884"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Desigo PXC4 (All versions \u003c V02.20.142.10-10884), Desigo PXC5 (All versions \u003c V02.20.142.10-10884). The \u201caddCell\u201d JavaScript function fails to properly sanitize user-controllable input before including it into the generated XML body of the XLS report document, such that it is possible to inject arbitrary content (e.g., XML tags) into the generated file. An attacker with restricted privileges, by poisoning any of the content used to generate XLS reports, could be able to leverage the application to deliver malicious files against higher-privileged users and obtain Remote Code Execution (RCE) against the administrator\u2019s workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-24039",
"datePublished": "2022-05-10T09:46:46.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:59:23.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4721 (GCVE-0-2022-4721)
Vulnerability from cvelistv5 – Published: 2022-12-23 00:00 – Updated: 2025-04-09 20:40- CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
| Vendor | Product | Version | |
|---|---|---|---|
| ikus060 | ikus060/rdiffweb |
Affected:
unspecified , < 2.5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:48:40.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3c48ef5d-da4d-4ee4-aaca-af65e7273720"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ikus060/rdiffweb/commit/6afaae56a29536f0118b3380d296c416aa6d078d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4721",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T17:47:29.954157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:40:39.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ikus060/rdiffweb",
"vendor": "ikus060",
"versions": [
{
"lessThan": "2.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-75",
"description": "CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-23T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3c48ef5d-da4d-4ee4-aaca-af65e7273720"
},
{
"url": "https://github.com/ikus060/rdiffweb/commit/6afaae56a29536f0118b3380d296c416aa6d078d"
}
],
"source": {
"advisory": "3c48ef5d-da4d-4ee4-aaca-af65e7273720",
"discovery": "EXTERNAL"
},
"title": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in ikus060/rdiffweb"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4721",
"datePublished": "2022-12-23T00:00:00.000Z",
"dateReserved": "2022-12-23T00:00:00.000Z",
"dateUpdated": "2025-04-09T20:40:39.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3607 (GCVE-0-2022-3607)
Vulnerability from cvelistv5 – Published: 2022-10-19 00:00 – Updated: 2025-05-09 14:47- CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
| Vendor | Product | Version | |
|---|---|---|---|
| octoprint | octoprint/octoprint |
Affected:
unspecified , < 1.8.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3607",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T14:47:28.251571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T14:47:37.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "octoprint/octoprint",
"vendor": "octoprint",
"versions": [
{
"lessThan": "1.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-75",
"description": "CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-19T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11"
},
{
"url": "https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e"
}
],
"source": {
"advisory": "2d1db3c9-93e8-4902-a55b-5ea53c22aa11",
"discovery": "EXTERNAL"
},
"title": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in octoprint/octoprint"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3607",
"datePublished": "2022-10-19T00:00:00.000Z",
"dateReserved": "2022-10-19T00:00:00.000Z",
"dateUpdated": "2025-05-09T14:47:37.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39174 (GCVE-0-2021-39174)
Vulnerability from cvelistv5 – Published: 2021-08-27 23:25 – Updated: 2024-08-04 01:58- CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
| URL | Tags |
|---|---|
| https://github.com/fiveai/Cachet/releases/tag/v2.5.1 | x_refsource_MISC |
| https://github.com/fiveai/Cachet/security/advisor… | x_refsource_CONFIRM |
| https://blog.sonarsource.com/cachet-code-executio… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:18.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fiveai/Cachet/releases/tag/v2.5.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/fiveai/Cachet/security/advisories/GHSA-88f9-7xxh-c688"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cachet",
"vendor": "fiveai",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, database, etc). This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of nested variables in the resulting dotenv configuration file. As a workaround, only allow trusted source IP addresses to access to the administration dashboard."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-75",
"description": "CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-02T15:13:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fiveai/Cachet/releases/tag/v2.5.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fiveai/Cachet/security/advisories/GHSA-88f9-7xxh-c688"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection/"
}
],
"source": {
"advisory": "GHSA-88f9-7xxh-c688",
"discovery": "UNKNOWN"
},
"title": "Configuration leak",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-39174",
"STATE": "PUBLIC",
"TITLE": "Configuration leak"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cachet",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.1"
}
]
}
}
]
},
"vendor_name": "fiveai"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, database, etc). This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of nested variables in the resulting dotenv configuration file. As a workaround, only allow trusted source IP addresses to access to the administration dashboard."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fiveai/Cachet/releases/tag/v2.5.1",
"refsource": "MISC",
"url": "https://github.com/fiveai/Cachet/releases/tag/v2.5.1"
},
{
"name": "https://github.com/fiveai/Cachet/security/advisories/GHSA-88f9-7xxh-c688",
"refsource": "CONFIRM",
"url": "https://github.com/fiveai/Cachet/security/advisories/GHSA-88f9-7xxh-c688"
},
{
"name": "https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection/",
"refsource": "MISC",
"url": "https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection/"
}
]
},
"source": {
"advisory": "GHSA-88f9-7xxh-c688",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-39174",
"datePublished": "2021-08-27T23:25:08.000Z",
"dateReserved": "2021-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:58:18.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22911 (GCVE-0-2021-22911)
Vulnerability from cvelistv5 – Published: 2021-05-27 11:14 – Updated: 2024-08-03 18:58- CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)
| URL | Tags |
|---|---|
| https://hackerone.com/reports/1130721 | x_refsource_MISC |
| http://packetstormsecurity.com/files/162997/Rocke… | x_refsource_MISC |
| http://packetstormsecurity.com/files/163419/Rocke… | x_refsource_MISC |
| https://blog.sonarsource.com/nosql-injections-in-… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Rocket.Chat server |
Affected:
Fixed in: 3.13.2, 3.12.4, 3.11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:25.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1130721"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162997/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163419/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.sonarsource.com/nosql-injections-in-rocket-chat"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rocket.Chat server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in: 3.13.2, 3.12.4, 3.11.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 \u0026 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-75",
"description": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-30T18:44:53.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1130721"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162997/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163419/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.sonarsource.com/nosql-injections-in-rocket-chat"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rocket.Chat server",
"version": {
"version_data": [
{
"version_value": "Fixed in: 3.13.2, 3.12.4, 3.11.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 \u0026 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1130721",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1130721"
},
{
"name": "http://packetstormsecurity.com/files/162997/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162997/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/163419/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163419/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html"
},
{
"name": "https://blog.sonarsource.com/nosql-injections-in-rocket-chat",
"refsource": "MISC",
"url": "https://blog.sonarsource.com/nosql-injections-in-rocket-chat"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22911",
"datePublished": "2021-05-27T11:14:39.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:58:25.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22910 (GCVE-0-2021-22910)
Vulnerability from cvelistv5 – Published: 2021-08-09 12:27 – Updated: 2024-08-03 18:58- CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)
| URL | Tags |
|---|---|
| https://hackerone.com/reports/1130874 | x_refsource_MISC |
| https://blog.sonarsource.com/nosql-injections-in-… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Rocket.Chat server |
Affected:
Fixed versions: 3.13.2, 3.12.4, 3.11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1130874"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.sonarsource.com/nosql-injections-in-rocket-chat/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rocket.Chat server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed versions: 3.13.2, 3.12.4, 3.11.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A sanitization vulnerability exists in Rocket.Chat server versions \u003c3.13.2, \u003c3.12.4, \u003c3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-75",
"description": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T20:47:50.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1130874"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.sonarsource.com/nosql-injections-in-rocket-chat/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rocket.Chat server",
"version": {
"version_data": [
{
"version_value": "Fixed versions: 3.13.2, 3.12.4, 3.11.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A sanitization vulnerability exists in Rocket.Chat server versions \u003c3.13.2, \u003c3.12.4, \u003c3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1130874",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1130874"
},
{
"name": "https://blog.sonarsource.com/nosql-injections-in-rocket-chat/",
"refsource": "MISC",
"url": "https://blog.sonarsource.com/nosql-injections-in-rocket-chat/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22910",
"datePublished": "2021-08-09T12:27:46.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:58:26.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9471 (GCVE-0-2016-9471)
Vulnerability from cvelistv5 – Published: 2017-03-28 02:46 – Updated: 2024-08-06 02:50- CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)
| URL | Tags |
|---|---|
| https://hackerone.com/reports/128181 | x_refsource_MISC |
| https://github.com/revive-adserver/revive-adserve… | x_refsource_MISC |
| https://www.revive-adserver.com/security/revive-s… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Revive Adserver All versions before 3.2.5 and 4.0.0 |
Affected:
Revive Adserver All versions before 3.2.5 and 4.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/128181"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/05b1eceb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver All versions before 3.2.5 and 4.0.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Revive Adserver All versions before 3.2.5 and 4.0.0"
}
]
}
],
"datePublic": "2017-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren\u0027t properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-75",
"description": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T02:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/128181"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/05b1eceb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revive Adserver All versions before 3.2.5 and 4.0.0",
"version": {
"version_data": [
{
"version_value": "Revive Adserver All versions before 3.2.5 and 4.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren\u0027t properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/128181",
"refsource": "MISC",
"url": "https://hackerone.com/reports/128181"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/05b1eceb",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/05b1eceb"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2016-002/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9471",
"datePublished": "2017-03-28T02:46:00.000Z",
"dateReserved": "2016-11-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:50:38.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-2355-XF3R-FQGG
Vulnerability from github – Published: 2024-07-26 18:30 – Updated: 2024-08-01 15:32An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component.
{
"affected": [],
"aliases": [
"CVE-2024-24257"
],
"database_specific": {
"cwe_ids": [
"CWE-75"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-26T17:15:11Z",
"severity": "HIGH"
},
"details": "An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component.",
"id": "GHSA-2355-xf3r-fqgg",
"modified": "2024-08-01T15:32:12Z",
"published": "2024-07-26T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24257"
},
{
"type": "WEB",
"url": "https://idssgmcc.github.io/aran.github.io/1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2443-9W48-793G
Vulnerability from github – Published: 2024-10-29 15:32 – Updated: 2024-10-29 15:32lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API (/v1/users/send-verification) and Sign up API (/auth/signup). An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace character (e.g., \xa0). This vulnerability can be exploited to conduct phishing attacks, damage the application's brand, cause legal and compliance issues, and result in financial impact due to unauthorized email usage.
{
"affected": [],
"aliases": [
"CVE-2024-7472"
],
"database_specific": {
"cwe_ids": [
"CWE-74",
"CWE-75",
"CWE-93"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-29T13:15:09Z",
"severity": "MODERATE"
},
"details": "lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API (/v1/users/send-verification) and Sign up API (/auth/signup). An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace character (e.g., \\xa0). This vulnerability can be exploited to conduct phishing attacks, damage the application\u0027s brand, cause legal and compliance issues, and result in financial impact due to unauthorized email usage.",
"id": "GHSA-2443-9w48-793g",
"modified": "2024-10-29T15:32:05Z",
"published": "2024-10-29T15:32:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7472"
},
{
"type": "WEB",
"url": "https://github.com/lunary-ai/lunary/commit/a39837d7c49936a0c435d241f37ca2ea7904d2cd"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/dc1feec6-1efb-4538-9b56-ab25deb80948"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Programming languages and supporting technologies might be chosen which are not subject to these issues.
Mitigation
Utilize an appropriate mix of allowlist and denylist parsing to filter special element syntax from all input.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.
CAPEC-93: Log Injection-Tampering-Forging
This attack targets the log files of the target host. The attacker injects, manipulates or forges malicious log entries in the log file, allowing them to mislead a log audit, cover traces of attack, or perform other malicious actions. The target host is not properly controlling log access. As a result tainted data is resulting in the log files leading to a failure in accountability, non-repudiation and incident forensics capability.