Common Weakness Enumeration

CWE-95

Allowed

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Abstraction: Variant · Status: Incomplete

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

263 vulnerabilities reference this CWE, most recent first.

GHSA-5V3C-9G74-93W7

Vulnerability from github – Published: 2026-01-23 06:31 – Updated: 2026-01-23 06:31
VLAI
Details

Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of eval_custom_component_code function. The issue results from the lack of proper validation of a user-supplied string before using it to execute python code. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26972.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-0769"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-95"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-23T04:16:03Z",
    "severity": "CRITICAL"
  },
  "details": "Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of eval_custom_component_code function. The issue results from the lack of proper validation of a user-supplied string before using it to execute python code. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26972.",
  "id": "GHSA-5v3c-9g74-93w7",
  "modified": "2026-01-23T06:31:24Z",
  "published": "2026-01-23T06:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0769"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-035"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5XRP-6693-JJX9

Vulnerability from github – Published: 2026-01-27 15:30 – Updated: 2026-01-29 15:02
VLAI
Summary
n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution
Details

n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime.

An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.123.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.4.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-1470"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-29T15:02:29Z",
    "nvd_published_at": "2026-01-27T15:15:57Z",
    "severity": "CRITICAL"
  },
  "details": "n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime.\n\nAn authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.",
  "id": "GHSA-5xrp-6693-jjx9",
  "modified": "2026-01-29T15:02:29Z",
  "published": "2026-01-27T15:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1470"
    },
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/commit/25c4b9605b420a98d0185a4f01115122a5134d8f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/commit/30383d86139f3279a698df8d229eadfefe8627f4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/commit/aa4d1e5825829182afa0ad5b81f602638f55fa04"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/n8n-io/n8n"
    },
    {
      "type": "WEB",
      "url": "https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution"
}

GHSA-62PR-QQF7-HH89

Vulnerability from github – Published: 2023-11-08 14:51 – Updated: 2023-11-08 14:51
VLAI
Summary
XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest
Details

Impact

XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document XWiki.AdminSheet (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance.

By opening the URL <server>/xwiki/bin/get/Main/WebHome?sheet=XWiki.AdminSheet&viewer=content&section=%5D%5D%7B%7B%2Fhtml%7D%7D%7B%7Basync%7D%7D%7B%7Bgroovy%7D%7Dservices.logging.getLogger(%22attacker%22).error(%22Attack%20succeeded!%22)%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D&xpage=view where <server> is the URL of the XWiki installation, it can be tested if an XWiki installation is vulnerable. If this causes a log message ERROR attacker - Attack succeeded! to appear in XWiki's log, the installation is vulnerable. In very old versions of XWiki, the attack can be demonstrated with <server>/xwiki/bin/get/XWiki/XWikiPreferences?section=%3C%25println(%22Hello%20from%20Groovy%22)%25%3E&xpage=view which displays admin.hello from groovy as title when the attack succeeds (tested on XWiki 1.7).

Patches

This vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1.

Workarounds

The fix, which consists of replacing = $services.localization.render("administration.sectionTitle$level", [$sectionName]) = by = $services.localization.render("administration.sectionTitle$level", 'xwiki/2.1', [$sectionName]) =, can be applied manually to the document XWiki.AdminSheet.

References

  • https://jira.xwiki.org/browse/XWIKI-21110
  • https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-administration-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-administration-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0-rc-1"
            },
            {
              "fixed": "15.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-administration"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.10.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-46731"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94",
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-08T14:51:06Z",
    "nvd_published_at": "2023-11-06T19:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nXWiki doesn\u0027t properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance.\n\nBy opening the URL `\u003cserver\u003e/xwiki/bin/get/Main/WebHome?sheet=XWiki.AdminSheet\u0026viewer=content\u0026section=%5D%5D%7B%7B%2Fhtml%7D%7D%7B%7Basync%7D%7D%7B%7Bgroovy%7D%7Dservices.logging.getLogger(%22attacker%22).error(%22Attack%20succeeded!%22)%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D\u0026xpage=view` where `\u003cserver\u003e` is the URL of the XWiki installation, it can be tested if an XWiki installation is vulnerable. If this causes a log message `ERROR attacker                       - Attack succeeded!` to appear in XWiki\u0027s log, the installation is vulnerable. In very old versions of XWiki, the attack can be demonstrated with `\u003cserver\u003e/xwiki/bin/get/XWiki/XWikiPreferences?section=%3C%25println(%22Hello%20from%20Groovy%22)%25%3E\u0026xpage=view` which displays `admin.hello from groovy` as title when the attack succeeds (tested on XWiki 1.7).\n\n### Patches\nThis vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1.\n\n### Workarounds\nThe [fix](https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a#diff-6271f9be501f30b2ba55459eb451aee3413d34171ba8198a77c865306d174e23), which consists of replacing `= $services.localization.render(\"administration.sectionTitle$level\", [$sectionName]) =` by `= $services.localization.render(\"administration.sectionTitle$level\", \u0027xwiki/2.1\u0027, [$sectionName]) =`, can be applied manually to the document `XWiki.AdminSheet`.\n\n### References\n* https://jira.xwiki.org/browse/XWIKI-21110\n* https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a",
  "id": "GHSA-62pr-qqf7-hh89",
  "modified": "2023-11-08T14:51:06Z",
  "published": "2023-11-08T14:51:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-62pr-qqf7-hh89"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46731"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a#diff-6271f9be501f30b2ba55459eb451aee3413d34171ba8198a77c865306d174e23"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-21110"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest"
}

GHSA-6JJ6-GM7P-FCVV

Vulnerability from github – Published: 2024-07-01 20:34 – Updated: 2025-10-22 19:25
VLAI
Summary
Remote Code Execution (RCE) vulnerability in geoserver
Details

Summary

Multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.

Details

The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to ALL GeoServer instances.

PoC

No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests.

Impact

This vulnerability can lead to executing arbitrary code.

Workaround

A workaround exists by removing the gt-complex-x.y.jar file from the GeoServer where x.y is the GeoTools version (e.g., gt-complex-31.1.jar if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed by an extension you are using:

Mitigation for geoserver.war deploy:

  1. Stop the application server
  2. Unzip geoserver.war into a directory
  3. Locate the file WEB-INF/lib/gt-complex-x.y.jar and remove
  4. Zip the directory into a new geoserver.war
  5. Restart the application server

Mitigation for GeoServer binary:

  1. Stop Jetty
  2. Locate the file webapps/geoserver/WEB-INF/lib/gt-complex-x.y.jar and remove
  3. Restart Jetty

The following extensions and community modules are known to have a direct dependency on gt-complex jar and are not expected function properly without it. This is not comprehensive list and additional GeoServer functionality may be dependent on the availability of gt-complex jar: * Extensions: Application Schema, Catalog Services for the Web, MongoDB Data Store * Community Modules: Features-Templating, OGC API Modules, Smart Data Loader, SOLR Data Store

Mitigation available for prior releases patching three jars in your existing install:

  1. Patched gt-app-schema, gt-complex and gt-xsd-core jars may be downloaded for GeoServer: 2.25.1, 2.24.3, 2.24.2, 2.23.2, 2.22.2, 2.21.5, 2.21.4,2.20.7, 2.20.4, 2.19.2, 2.18.0.

As example the 2.25.1 page links to geoserver-2.25.1-patches.zip download on source forge.

  1. Unzip the geoserver-x.y.z-patches.zip which contains three jars that have been patched to configure commons-jxpath with an empty function list prior to use. These files are drop-in replacements with identical file names to those they are replacing.

  2. Follow the instructions above to locate WEB-INF/lib folder and replace the existing gt-app-schema, gt-complex and gt-xsd-core jars with those supplied by the patch.

References

https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w https://osgeo-org.atlassian.net/browse/GEOT-7587 https://github.com/geotools/geotools/pull/4797 https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.geoserver.web:gs-web-app"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.24.0"
            },
            {
              "fixed": "2.24.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.geoserver:gs-wfs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.24.0"
            },
            {
              "fixed": "2.24.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.geoserver:gs-wms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.24.0"
            },
            {
              "fixed": "2.24.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.geoserver.web:gs-web-app"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.25.0"
            },
            {
              "fixed": "2.25.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.geoserver:gs-wfs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.25.0"
            },
            {
              "fixed": "2.25.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.geoserver:gs-wms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.25.0"
            },
            {
              "fixed": "2.25.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.geoserver.web:gs-web-app"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.23.0"
            },
            {
              "fixed": "2.23.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.geoserver:gs-wfs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.23.0"
            },
            {
              "fixed": "2.23.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.geoserver:gs-wms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.23.0"
            },
            {
              "fixed": "2.23.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.geoserver.web:gs-web-app"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.22.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.geoserver:gs-wfs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.22.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.geoserver:gs-wms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.22.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-36401"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94",
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-01T20:34:50Z",
    "nvd_published_at": "2024-07-01T16:15:04Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\nMultiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.\n\n### Details\nThe GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances.\n\n### PoC\nNo public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests.\n\n### Impact\nThis vulnerability can lead to executing arbitrary code.\n\n### Workaround\n\nA workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed by an extension you are using:\n\nMitigation for `geoserver.war` deploy:\n\n1. Stop the application server\n2. Unzip `geoserver.war` into a directory\n3. Locate the file `WEB-INF/lib/gt-complex-x.y.jar` and remove\n4. Zip the directory into a new `geoserver.war`\n5. Restart the application server\n\nMitigation for GeoServer binary:\n\n1. Stop Jetty\n2. Locate the file `webapps/geoserver/WEB-INF/lib/gt-complex-x.y.jar` and remove\n3. Restart Jetty\n\nThe following extensions and community modules are known to have a direct dependency on `gt-complex` jar and are not expected function properly without it. This is not comprehensive list and additional GeoServer functionality may be dependent on the availability of `gt-complex` jar:\n* Extensions: Application Schema, Catalog Services for the Web, MongoDB Data Store\n* Community Modules: Features-Templating, OGC API Modules, Smart Data Loader, SOLR Data Store\n\nMitigation available for prior releases patching three jars in your existing install:\n\n1. Patched `gt-app-schema`, `gt-complex` and `gt-xsd-core` jars may be downloaded for GeoServer: [2.25.1](https://sourceforge.net/projects/geoserver/files/GeoServer/2.25.1/geoserver-2.25.1-patches.zip/download), [2.24.3](https://sourceforge.net/projects/geoserver/files/GeoServer/2.24.3/geoserver-2.24.3-patches.zip/download), [2.24.2](https://sourceforge.net/projects/geoserver/files/GeoServer/2.24.2/geoserver-2.24.2-patches.zip/download), [2.23.2](https://sourceforge.net/projects/geoserver/files/GeoServer/2.23.2/geoserver-2.23.2-patches.zip/download), [2.22.2](https://sourceforge.net/projects/geoserver/files/GeoServer/2.22.2/geoserver-2.22.2-patches.zip/download), [2.21.5](https://sourceforge.net/projects/geoserver/files/GeoServer/2.21.5/geoserver-2.21.5-patches.zip/download), [2.21.4](https://sourceforge.net/projects/geoserver/files/GeoServer/2.21.4/geoserver-2.21.4-patches.zip/download),[2.20.7](https://sourceforge.net/projects/geoserver/files/GeoServer/2.20.7/geoserver-2.20.7-patches.zip/download), [2.20.4](https://sourceforge.net/projects/geoserver/files/GeoServer/2.20.4/geoserver-2.20.4-patches.zip/download), [2.19.2](https://sourceforge.net/projects/geoserver/files/GeoServer/2.19.2/geoserver-2.19.2-patches.zip/download), [2.18.0](https://sourceforge.net/projects/geoserver/files/GeoServer/2.18.0/geoserver-2.18.0-patches.zip/download).\n  \n   As example the 2.25.1 page links to [geoserver-2.25.1-patches.zip](https://sourceforge.net/projects/geoserver/files/GeoServer/2.25.1/geoserver-2.25.1-patches.zip/download) download on source forge.\n\n2. Unzip the `geoserver-x.y.z-patches.zip` which contains three jars that have been patched to configure `commons-jxpath` with an empty function list prior to use. These files are drop-in replacements with identical file names to those they are replacing.\n\n3. Follow the instructions above to locate `WEB-INF/lib` folder and replace the existing `gt-app-schema`, `gt-complex` and `gt-xsd-core` jars with those supplied by the patch.\n\n### References\nhttps://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w\nhttps://osgeo-org.atlassian.net/browse/GEOT-7587\nhttps://github.com/geotools/geotools/pull/4797\nhttps://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852",
  "id": "GHSA-6jj6-gm7p-fcvv",
  "modified": "2025-10-22T19:25:52Z",
  "published": "2024-07-01T20:34:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv"
    },
    {
      "type": "WEB",
      "url": "https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36401"
    },
    {
      "type": "WEB",
      "url": "https://github.com/geotools/geotools/pull/4797"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/geoserver/geoserver"
    },
    {
      "type": "WEB",
      "url": "https://osgeo-org.atlassian.net/browse/GEOT-7587"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-36401"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/geoserver-rce-cve-2024-36401"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Remote Code Execution (RCE) vulnerability in geoserver"
}

GHSA-6MF5-36V9-3H2W

Vulnerability from github – Published: 2023-06-20 16:46 – Updated: 2023-06-20 16:46
VLAI
Summary
XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application
Details

Impact

Any user with view rights on any document can execute code with programming rights, leading to remote code execution by crafting an url with a dangerous payload. See the example below: Open <xwiki-host>/xwiki/bin/view/%5D%5D%20%7B%7Basync%20async%3D%22true%22%20cached%3D%22false%22%20context%3D%22doc.reference%22%7D%7D%7B%7Bgroovy%7D%7Dprintln(%22Hello%20%22%20%2B%20%22from%20groovy!%22)%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D?sheet=Invitation.InvitationGuestActions&xpage=view where <xwiki-host> is the URL of your XWiki installation.

Patches

The problem as been patching on XWiki 15.0, 14.10.4 and 14.4.8.

Workarounds

It is possible to partially fix the issue by applying this patch. Note that some additional issue can remain and can be fixed automatically by a migration. Hence, it is advised to upgrade to one of the patched version instead of patching manually.

References

  • https://jira.xwiki.org/browse/XWIKI-20285

For more information

If you have any questions or comments about this advisory:

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-invitation-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4-m-2"
            },
            {
              "fixed": "14.4.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-invitation-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "14.5"
            },
            {
              "fixed": "14.10.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-invitation-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0-rc-1"
            },
            {
              "fixed": "15.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-35150"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94",
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-20T16:46:11Z",
    "nvd_published_at": "2023-06-23T17:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nAny user with view rights on any document can execute code with programming rights, leading to remote code execution by crafting an url with a dangerous payload. See the example below:\nOpen `\u003cxwiki-host\u003e/xwiki/bin/view/%5D%5D%20%7B%7Basync%20async%3D%22true%22%20cached%3D%22false%22%20context%3D%22doc.reference%22%7D%7D%7B%7Bgroovy%7D%7Dprintln(%22Hello%20%22%20%2B%20%22from%20groovy!%22)%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D?sheet=Invitation.InvitationGuestActions\u0026xpage=view` where `\u003cxwiki-host\u003e` is the URL of your XWiki installation.\n\n### Patches\nThe problem as been patching on XWiki 15.0, 14.10.4 and 14.4.8.\n\n### Workarounds\nIt is possible to partially fix the issue by applying this [patch](https://github.com/xwiki/xwiki-platform/commit/b65220a4d86b8888791c3b643074ebca5c089a3a). Note that some additional issue can remain and can be fixed automatically by a migration. Hence, it is advised to upgrade to one of the patched version instead of patching manually.\n\n### References\n- https://jira.xwiki.org/browse/XWIKI-20285\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n*    Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n*    Email us at [Security Mailing List](mailto:security@xwiki.org)",
  "id": "GHSA-6mf5-36v9-3h2w",
  "modified": "2023-06-20T16:46:11Z",
  "published": "2023-06-20T16:46:11Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6mf5-36v9-3h2w"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35150"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/b65220a4d86b8888791c3b643074ebca5c089a3a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-20285"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application"
}

GHSA-6P55-QR3J-MPGQ

Vulnerability from github – Published: 2024-11-05 00:31 – Updated: 2024-11-07 17:10
VLAI
Summary
AgentScope uses `eval`
Details

In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can directly execute user-provided commands.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "agentscope"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-48050"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94",
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-05T16:10:09Z",
    "nvd_published_at": "2024-11-04T23:15:04Z",
    "severity": "HIGH"
  },
  "details": "In agentscope \u003c=v0.0.4, the file `agentscope\\web\\workstation\\workflow_utils.py` has the function `is_callable_expression`. Within this function, the line `result = eval(s)` poses a security risk as it can directly execute user-provided commands.",
  "id": "GHSA-6p55-qr3j-mpgq",
  "modified": "2024-11-07T17:10:05Z",
  "published": "2024-11-05T00:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48050"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/AfterSnows/0ad9d233a9d2a5b7e6e5273e2e23508d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/modelscope/agentscope"
    },
    {
      "type": "WEB",
      "url": "https://github.com/modelscope/agentscope/blob/main/src/agentscope/web/workstation/workflow_utils.py#L11"
    },
    {
      "type": "WEB",
      "url": "https://rumbling-slice-eb0.notion.site/Unauthenticated-Remote-Code-Execution-via-The-use-of-eval-in-is_callable_expression-and-sanitize_nod-cd4ea6c576da4e0b965ef596855c298d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "AgentScope uses `eval`"
}

GHSA-6QVP-39MM-95V8

Vulnerability from github – Published: 2025-03-07 16:07 – Updated: 2025-03-07 19:16
VLAI
Summary
com.xwiki.confluencepro:application-confluence-migrator-pro-ui Remote Code Execution via unescaped translations
Details

Impact

A user that doesn't have programming rights can execute arbitrary code when creating a page using the Migration Page template. A possible attack vector is the following: * Create a page and add the following content:

confluencepro.job.question.advanced.input={{/html}} {{async async="true" cached="false" context="doc.reference"}}{{groovy}}println("hello from groovy!"){{/groovy}}{{/async}}
  • Use the object editor to add an object of type XWiki.TranslationDocumentClass with scope USER.
  • Access an unexisting page using the MigrationTemplate
http://localhost:8080/xwiki/bin/edit/Page123?template=ConfluenceMigratorPro.Code.MigrationTemplate

It is expected that {{/html}} {{async async="true" cached="false" context="doc.reference"}}{{groovy}}println("hello from groovy!"){{/groovy}}{{/async}} will be present on the page, however, hello from groovy will be printed.

Patches

The issue will be fixed as part of v1.2. The fix was added with commit 35cef22

Workarounds

There are no known workarounds besides upgrading.

References

No references.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.xwiki.confluencepro:application-confluence-migrator-pro-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0"
            },
            {
              "fixed": "1.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-27603"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-07T16:07:50Z",
    "nvd_published_at": "2025-03-07T16:15:40Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nA user that doesn\u0027t have programming rights can execute arbitrary code when creating a page using the Migration Page template.\nA possible attack vector is the following:\n* Create a page and add the following content: \n```\nconfluencepro.job.question.advanced.input={{/html}} {{async async=\"true\" cached=\"false\" context=\"doc.reference\"}}{{groovy}}println(\"hello from groovy!\"){{/groovy}}{{/async}}\n```\n* Use the object editor to add an object of type `XWiki.TranslationDocumentClass` with scope `USER`.\n* Access an unexisting page using the `MigrationTemplate` \n```\nhttp://localhost:8080/xwiki/bin/edit/Page123?template=ConfluenceMigratorPro.Code.MigrationTemplate\n```\nIt is expected that `{{/html}} {{async async=\"true\" cached=\"false\" context=\"doc.reference\"}}{{groovy}}println(\"hello from groovy!\"){{/groovy}}{{/async}}` will be present on the page, however, `hello from groovy` will be printed.\n### Patches\nThe issue will be fixed as part of v1.2. The fix was added with commit [35cef22](https://github.com/xwikisas/application-confluence-migrator-pro/commit/36cef2271bd429773698ca3a21e47b6d51d6377d)\n\n### Workarounds\nThere are no known workarounds besides upgrading.\n\n### References\nNo references.",
  "id": "GHSA-6qvp-39mm-95v8",
  "modified": "2025-03-07T19:16:50Z",
  "published": "2025-03-07T16:07:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwikisas/application-confluence-migrator-pro/security/advisories/GHSA-6qvp-39mm-95v8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27603"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwikisas/application-confluence-migrator-pro/commit/36cef2271bd429773698ca3a21e47b6d51d6377d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwikisas/application-confluence-migrator-pro"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "com.xwiki.confluencepro:application-confluence-migrator-pro-ui Remote Code Execution via unescaped translations"
}

GHSA-723H-X37G-F8QM

Vulnerability from github – Published: 2024-09-18 18:30 – Updated: 2024-09-25 19:28
VLAI
Summary
Chaosblade vulnerable to OS command execution
Details

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/chaosblade-io/chaosblade"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.3"
            },
            {
              "fixed": "1.7.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-47105"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78",
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-18T19:34:07Z",
    "nvd_published_at": "2024-09-18T17:15:18Z",
    "severity": "CRITICAL"
  },
  "details": "exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.",
  "id": "GHSA-723h-x37g-f8qm",
  "modified": "2024-09-25T19:28:11Z",
  "published": "2024-09-18T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47105"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chaosblade-io/chaosblade/commit/6bc73c31e14ea2b1bfc30f359e1fe952859d9adc"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-723h-x37g-f8qm"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/chaosblade-io/chaosblade"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chaosblade-io/chaosblade/blob/0a07380c9899febb2b544132783b376b44226cca/exec/os/executor.go#L68"
    },
    {
      "type": "WEB",
      "url": "https://narrow-oatmeal-0c0.notion.site/ChaosBlade-Remote-Command-Execution-CVE-2023-47105-4f5459046488436caaec2bced6ff26d7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Chaosblade vulnerable to OS command execution"
}

GHSA-75G8-RV7V-32F7

Vulnerability from github – Published: 2026-02-25 21:21 – Updated: 2026-02-27 21:51
VLAI
Summary
n8n has Unauthenticated Expression Evaluation via Form Node
Details

Impact

A second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form data. When chained with an expression sandbox escape, this could escalate to remote code execution on the n8n host.

The vulnerability requires a specific workflow configuration to be exploitable: 1. A form node with a field interpolating a value provided by an unauthenticated user, e.g. a form submitted value. 2. The field value must begin with an = character, which caused n8n to treat it as an expression and triggered a double-evaluation of the field content. For example, a workflow uses a multi-step Form where a downstream Form node renders user-provided input back in an HTML field and precedes it with an = sign: =<h2>Thank you, {{ $input.first().json[\"Name\"] }}!</h2>

There is no practical reason for a workflow designer to prefix a field with = intentionally — the character is not rendered in the output, so the result would not match the designer's expectations. If added accidentally, it would be noticeable and very unlikely to persist. An unauthenticated attacker would need to either know about this specific circumstance on a target instance or discover a matching form by chance.

Even when the preconditions are met, the expression injection alone is limited to data accessible within the n8n expression context. Escalation to remote code execution requires chaining with a separate sandbox escape vulnerability.

Due to these real-world constraints — the unlikely workflow configuration, the need for an additional sandbox escape, and the difficulty of discovery — we have assessed the severity as High rather than Critical, diverging from the base CVSS score to better reflect actual exploitability.

Patches

The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Review usage of form nodes manually for above mentioned preconditions. - Disable the Form node by adding n8n-nodes-base.form to the NODES_EXCLUDE environment variable. - Disable the Form Trigger node by adding n8n-nodes-base.formTrigger to the NODES_EXCLUDE environment variable.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.123.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.9.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.10.0"
            },
            {
              "fixed": "2.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27493"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94",
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-25T21:21:36Z",
    "nvd_published_at": "2026-02-25T23:16:20Z",
    "severity": "CRITICAL"
  },
  "details": "## Impact\nA second-order expression injection vulnerability existed in n8n\u0027s Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form data. When chained with an expression sandbox escape, this could escalate to remote code execution on the n8n host.\n\nThe vulnerability requires a specific workflow configuration to be exploitable:\n1. A form node with a field interpolating a value provided by an unauthenticated user, e.g. a form submitted value.\n2. The field value must begin with an `=` character, which caused n8n to treat it as an expression and triggered a double-evaluation of the field content.\nFor example, a workflow uses a multi-step Form where a downstream Form node renders user-provided input back in an HTML field and precedes it with an `=` sign:\n`=\u003ch2\u003eThank you, {{ $input.first().json[\\\"Name\\\"] }}!\u003c/h2\u003e`\n\nThere is no practical reason for a workflow designer to prefix a field with `=` intentionally \u2014 the character is not rendered in the output, so the result would not match the designer\u0027s expectations. If added accidentally, it would be noticeable and very unlikely to persist. An unauthenticated attacker would need to either know about this specific circumstance on a target instance or discover a matching form by chance.\n\nEven when the preconditions are met, the expression injection alone is limited to data accessible within the n8n expression context. Escalation to remote code execution requires chaining with a separate sandbox escape vulnerability.\n\nDue to these real-world constraints \u2014 the unlikely workflow configuration, the need for an additional sandbox escape, and the difficulty of discovery \u2014 we have assessed the severity as High rather than Critical, diverging from the base CVSS score to better reflect actual exploitability.\n\n## Patches\nThe issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Review usage of form nodes manually for above mentioned preconditions.\n- Disable the Form node by adding `n8n-nodes-base.form` to the `NODES_EXCLUDE` environment variable.\n- Disable the Form Trigger node by adding `n8n-nodes-base.formTrigger` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.",
  "id": "GHSA-75g8-rv7v-32f7",
  "modified": "2026-02-27T21:51:05Z",
  "published": "2026-02-25T21:21:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-75g8-rv7v-32f7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27493"
    },
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/issues/19"
    },
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/commit/562d867483e871b0f1e31776252e23bd721df75b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/n8n-io/n8n"
    },
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22"
    },
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "n8n has Unauthenticated Expression Evaluation via Form Node"
}

GHSA-77RH-M34W-RV36

Vulnerability from github – Published: 2026-04-02 15:31 – Updated: 2026-04-04 06:02
VLAI
Summary
Agno is vulnerable to Eval Injection
Details

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a FunctionCall to achieve remote code execution.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "agno"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.24"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-35002"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-04T06:02:27Z",
    "nvd_published_at": "2026-04-02T15:16:52Z",
    "severity": "CRITICAL"
  },
  "details": "Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a FunctionCall to achieve remote code execution.",
  "id": "GHSA-77rh-m34w-rv36",
  "modified": "2026-04-04T06:02:27Z",
  "published": "2026-04-02T15:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35002"
    },
    {
      "type": "WEB",
      "url": "https://github.com/agno-agi/agno/commit/cbf675521d4d2281925a051784a3b94172e56416"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/agno-agi/agno"
    },
    {
      "type": "WEB",
      "url": "https://github.com/agno-agi/agno/releases/tag/v2.3.24"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/agno-field-type-eval-injection-arbitrary-code-execution"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Agno is vulnerable to Eval Injection"
}

Mitigation
Architecture and Design Implementation

Strategy: Refactoring

If possible, refactor your code so that it does not need to use eval() at all.

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation
Implementation
  • Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicalization control.
  • Consider performing repeated canonicalization until your input does not change any more. This will avoid double-decoding and similar scenarios, but it might inadvertently modify inputs that are allowed to contain properly-encoded dangerous content.
Mitigation
Implementation

For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.