Common Weakness Enumeration

CWE-791

Allowed

Incomplete Filtering of Special Elements

Abstraction: Base · Status: Incomplete

The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.

63 vulnerabilities reference this CWE, most recent first.

GHSA-8GFF-CF92-72PV

Vulnerability from github – Published: 2025-06-23 21:31 – Updated: 2025-06-25 14:12
VLAI
Summary
pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function
Details

A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument user_message leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pyspur"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.1.18"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-6518"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-791"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-25T14:12:09Z",
    "nvd_published_at": "2025-06-23T19:15:25Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument user_message leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-8gff-cf92-72pv",
  "modified": "2025-06-25T14:12:09Z",
  "published": "2025-06-23T21:31:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6518"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PySpur-Dev/pyspur/issues/289"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/PySpur-Dev/pyspur"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.313638"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.313638"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.593612"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function"
}

GHSA-8P33-Q827-GHJ5

Vulnerability from github – Published: 2026-05-06 18:13 – Updated: 2026-06-18 22:54
VLAI
Summary
dssrf: every IPv6 category bypasses is_url_safe
Details

A vulnerability on dssrf allow, an attacker to use, one of them following ipv6

Input   Category
http://[::1]/   IPv6 loopback
http://[fc00::1]/   IPv6 ULA
http://[fe80::1]/   IPv6 link-local
http://[::ffff:127.0.0.1]/  IPv4-mapped loopback
http://[::ffff:169.254.169.254]/    IPv4-mapped IMDS
http://[::ffff:100.64.0.1]/ IPv4-mapped CGNAT
http://[64:ff9b::7f00:1]/   NAT64 well-known prefix
http://[64:ff9b:1::1]/  NAT64 local-use (RFC 8215)
http://[5f00::1]/   SRv6 SID (RFC 9602)
http://[3fff::1]/   IPv6 documentation (RFC 9637)
http://[fec0::1]/   IPv6 site-local (deprecated, RFC 3879)
http://[::127.0.0.1]/   IPv4-compatible IPv6

one of those to bypass dssrf and the attacker get SSRF, we claim that ipv6 disabled entirely that is wrong on our documentation

POC

mkdir dssrf-poc && cd dssrf-poc
npm init -y >/dev/null
npm install dssrf@^1.0.2
cat > audit.js <<'EOF'
const dssrf = require('dssrf');
const cases = [
  ['http://[::1]/',                         'IPv6 loopback'],
  ['http://[fc00::1]/',                     'IPv6 ULA'],
  ['http://[fe80::1]/',                     'IPv6 link-local'],
  ['http://[::ffff:127.0.0.1]/',            'IPv4-mapped loopback'],
  ['http://[::ffff:169.254.169.254]/',      'IPv4-mapped IMDS'],
  ['http://[64:ff9b::7f00:1]/',             'NAT64 well-known + 127.0.0.1'],
  ['http://[64:ff9b:1::1]/',                'NAT64 local-use (RFC 8215)'],
  ['http://[5f00::1]/',                     'SRv6 SID (RFC 9602)'],
  ['http://[fec0::1]/',                     'IPv6 site-local deprecated'],
  ['http://127.0.0.1/',                     'IPv4 loopback (control)'],
  ['http://10.0.0.1/',                      'IPv4 RFC1918 (control)'],
  ['http://8.8.8.8/',                       'PUBLIC IPv4 (control)'],
];
(async () => {
  for (const [url, label] of cases) {
    const safe = await dssrf.is_url_safe(url);
    console.log(`${safe ? '✓ALLOW' : '·block'}  ${url.padEnd(40)}  ${label}`);
  }
})();
EOF
node audit.js

Credit

Million Thank's to brmenna@gmail.com for reporting that responsibly.

Update

Users need to update from now to dssrf 1.0.3

Lessons Learned

AS we see in the past and today, a lot of advisories or cves bypasses uses IPv6, and IPv6 is the weakest link to be configured correctly and rarely properly tested, Since we blocked ipv4, our ipv6 blocking logic completly broken and never works

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "dssrf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44232"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-791"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-06T18:13:32Z",
    "nvd_published_at": "2026-05-12T21:16:16Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability on dssrf allow, an attacker to use, one of them following ipv6\n\n```rust\nInput\tCategory\nhttp://[::1]/\tIPv6 loopback\nhttp://[fc00::1]/\tIPv6 ULA\nhttp://[fe80::1]/\tIPv6 link-local\nhttp://[::ffff:127.0.0.1]/\tIPv4-mapped loopback\nhttp://[::ffff:169.254.169.254]/\tIPv4-mapped IMDS\nhttp://[::ffff:100.64.0.1]/\tIPv4-mapped CGNAT\nhttp://[64:ff9b::7f00:1]/\tNAT64 well-known prefix\nhttp://[64:ff9b:1::1]/\tNAT64 local-use (RFC 8215)\nhttp://[5f00::1]/\tSRv6 SID (RFC 9602)\nhttp://[3fff::1]/\tIPv6 documentation (RFC 9637)\nhttp://[fec0::1]/\tIPv6 site-local (deprecated, RFC 3879)\nhttp://[::127.0.0.1]/\tIPv4-compatible IPv6\n```\n\none of those to bypass dssrf and the attacker get **SSRF**, we claim that ipv6 disabled entirely that is wrong on our documentation\n\n### POC\n\n```bash\nmkdir dssrf-poc \u0026\u0026 cd dssrf-poc\nnpm init -y \u003e/dev/null\nnpm install dssrf@^1.0.2\ncat \u003e audit.js \u003c\u003c\u0027EOF\u0027\nconst dssrf = require(\u0027dssrf\u0027);\nconst cases = [\n  [\u0027http://[::1]/\u0027,                         \u0027IPv6 loopback\u0027],\n  [\u0027http://[fc00::1]/\u0027,                     \u0027IPv6 ULA\u0027],\n  [\u0027http://[fe80::1]/\u0027,                     \u0027IPv6 link-local\u0027],\n  [\u0027http://[::ffff:127.0.0.1]/\u0027,            \u0027IPv4-mapped loopback\u0027],\n  [\u0027http://[::ffff:169.254.169.254]/\u0027,      \u0027IPv4-mapped IMDS\u0027],\n  [\u0027http://[64:ff9b::7f00:1]/\u0027,             \u0027NAT64 well-known + 127.0.0.1\u0027],\n  [\u0027http://[64:ff9b:1::1]/\u0027,                \u0027NAT64 local-use (RFC 8215)\u0027],\n  [\u0027http://[5f00::1]/\u0027,                     \u0027SRv6 SID (RFC 9602)\u0027],\n  [\u0027http://[fec0::1]/\u0027,                     \u0027IPv6 site-local deprecated\u0027],\n  [\u0027http://127.0.0.1/\u0027,                     \u0027IPv4 loopback (control)\u0027],\n  [\u0027http://10.0.0.1/\u0027,                      \u0027IPv4 RFC1918 (control)\u0027],\n  [\u0027http://8.8.8.8/\u0027,                       \u0027PUBLIC IPv4 (control)\u0027],\n];\n(async () =\u003e {\n  for (const [url, label] of cases) {\n    const safe = await dssrf.is_url_safe(url);\n    console.log(`${safe ? \u0027\u2713ALLOW\u0027 : \u0027\u00b7block\u0027}  ${url.padEnd(40)}  ${label}`);\n  }\n})();\nEOF\nnode audit.js\n```\n\n### Credit\nMillion Thank\u0027s to \u003cbrmenna@gmail.com\u003e for reporting that responsibly.\n\n### Update\nUsers need to update from now to dssrf 1.0.3\n\n### Lessons Learned\nAS we see in the past and today, a lot of advisories or cves bypasses uses IPv6, and IPv6 is the weakest link to be configured correctly and rarely properly tested, Since we blocked ipv4, our ipv6 blocking logic completly broken and never works",
  "id": "GHSA-8p33-q827-ghj5",
  "modified": "2026-06-18T22:54:14Z",
  "published": "2026-05-06T18:13:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/HackingRepo/dssrf-js/security/advisories/GHSA-8p33-q827-ghj5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44232"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/HackingRepo/dssrf-js"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "dssrf: every IPv6 category bypasses is_url_safe"
}

GHSA-8V6X-2R55-MMXR

Vulnerability from github – Published: 2025-06-02 09:31 – Updated: 2026-01-15 18:31
VLAI
Details

The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0324"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-791"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-02T08:15:20Z",
    "severity": "CRITICAL"
  },
  "details": "The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain\u00a0administrator privileges.",
  "id": "GHSA-8v6x-2r55-mmxr",
  "modified": "2026-01-15T18:31:25Z",
  "published": "2025-06-02T09:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0324"
    },
    {
      "type": "WEB",
      "url": "https://www.axis.com/dam/public/04/f3/1c/cve-2025-0324pdf-en-US-483807.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8WG6-4HM6-85F2

Vulnerability from github – Published: 2025-06-27 12:31 – Updated: 2025-06-27 12:31
VLAI
Details

A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \k3\o2o\bos\webapp\action\DynamicForm 4 Action.class of the component Freemarker Engine. The manipulation leads to improper neutralization of special elements used in a template engine. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor explains, that in the fixed release "Freemarker is set to 'ALLOWS_NOTHING_RESOLVER' to not parse any classes."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6761"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-791"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-27T11:15:25Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \\k3\\o2o\\bos\\webapp\\action\\DynamicForm 4 Action.class of the component Freemarker Engine. The manipulation leads to improper neutralization of special elements used in a template engine. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor explains, that in the fixed release \"Freemarker is set to \u0027ALLOWS_NOTHING_RESOLVER\u0027 to not parse any classes.\"",
  "id": "GHSA-8wg6-4hm6-85f2",
  "modified": "2025-06-27T12:31:14Z",
  "published": "2025-06-27T12:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6761"
    },
    {
      "type": "WEB",
      "url": "https://vip.kingdee.com/link/s/ZlWX7"
    },
    {
      "type": "WEB",
      "url": "https://vip.kingdee.com/school/detail/713028702245944320"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.314072"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.314072"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.601207"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-F339-R2MR-9CR3

Vulnerability from github – Published: 2025-08-18 00:30 – Updated: 2025-08-18 00:30
VLAI
Details

A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replies, that "[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0)."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-9094"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-791"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-17T23:15:27Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replies, that \"[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0).\"",
  "id": "GHSA-f339-r2mr-9cr3",
  "modified": "2025-08-18T00:30:30Z",
  "published": "2025-08-18T00:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9094"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/1cZy-rfQXsF58kJIVs4UXj7usXJuhjZjA/view"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.320416"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.320416"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.626292"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-F7QV-V8H9-5244

Vulnerability from github – Published: 2023-03-27 21:30 – Updated: 2023-04-05 15:30
VLAI
Details

A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1076"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-791",
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-27T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.",
  "id": "GHSA-f7qv-v8h9-5244",
  "modified": "2023-04-05T15:30:24Z",
  "published": "2023-03-27T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1076"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=66b2c338adce580dfce2199591e65e2bab889cff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a096ccca6e503a5c575717ff8a36ace27510ab0a"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H3RR-9WQJ-V3C6

Vulnerability from github – Published: 2026-04-25 18:32 – Updated: 2026-05-05 20:22
VLAI
Summary
AstrBot has Incomplete Filtering of Special Elements
Details

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "AstrBot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "4.22.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-6984"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-791"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-05T20:22:14Z",
    "nvd_published_at": "2026-04-25T16:16:17Z",
    "severity": "LOW"
  },
  "details": "A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
  "id": "GHSA-h3rr-9wqj-v3c6",
  "modified": "2026-05-05T20:22:14Z",
  "published": "2026-04-25T18:32:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6984"
    },
    {
      "type": "WEB",
      "url": "https://github.com/AstrBotDevs/AstrBot/issues/7330"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/AstrBotDevs/AstrBot"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/796164"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/359527"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/359527/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "AstrBot has Incomplete Filtering of Special Elements"
}

GHSA-HV2C-WF43-5V98

Vulnerability from github – Published: 2025-03-06 21:31 – Updated: 2025-03-06 21:31
VLAI
Details

A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2040"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-791"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-06T20:15:38Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-hv2c-wf43-5v98",
  "modified": "2025-03-06T21:31:27Z",
  "published": "2025-03-06T21:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2040"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uglory-gll/javasec/blob/main/ruoyi-vue-pro.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.298783"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.298783"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.512574"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-J46P-X79W-X93V

Vulnerability from github – Published: 2025-05-29 21:31 – Updated: 2025-10-03 15:31
VLAI
Details

A vulnerability has been found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adpweb/a/ica/api/service/rfa/testService. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5325"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-791"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-29T20:15:27Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in zhilink \u667a\u4e92\u8054(\u6df1\u5733)\u79d1\u6280\u6709\u9650\u516c\u53f8 ADP Application Developer Platform \u5e94\u7528\u5f00\u53d1\u8005\u5e73\u53f0 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adpweb/a/ica/api/service/rfa/testService. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-j46p-x79w-x93v",
  "modified": "2025-10-03T15:31:15Z",
  "published": "2025-05-29T21:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5325"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.310495"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.310495"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.581275"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-J58C-WW9W-PWP5

Vulnerability from github – Published: 2025-04-29 18:30 – Updated: 2025-11-03 21:33
VLAI
Summary
AngularJS improperly sanitizes SVG elements
Details

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing  and also negatively affect the application's performance and behavior by using too large or slow-to-load images.

This issue affects all versions of AngularJS.

Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "angular"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.8.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-0716"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-791"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-30T14:18:11Z",
    "nvd_published_at": "2025-04-29T17:15:39Z",
    "severity": "LOW"
  },
  "details": "Improper sanitization of the value of the \u0027href\u0027 and \u0027xlink:href\u0027 attributes in \u0027\u003cimage\u003e\u0027 SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing \u00a0and also negatively affect the application\u0027s performance and behavior by using too large or slow-to-load images.\n\nThis issue affects all versions of AngularJS.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .",
  "id": "GHSA-j58c-ww9w-pwp5",
  "modified": "2025-11-03T21:33:41Z",
  "published": "2025-04-29T18:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0716"
    },
    {
      "type": "WEB",
      "url": "https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/angular/angular.js"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-0716"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "AngularJS improperly sanitizes SVG elements"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.