csaf_redhat - rhsa-2025:7626

rhsa-2025:7626

Vulnerability from csaf_redhat

Published

2025-05-14 17:51

Modified

2025-09-25 15:30

Summary

Red Hat Security Advisory: Red Hat Developer Hub 1.6.0 release.

Notes

Topic

Red Hat Developer Hub 1.6.0 has been released.

Details

Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Developer Hub 1.6.0 has been released.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:7626",
        "url": "https://access.redhat.com/errata/RHSA-2025:7626"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2024-12905",
        "url": "https://access.redhat.com/security/cve/CVE-2024-12905"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2024-21534",
        "url": "https://access.redhat.com/security/cve/CVE-2024-21534"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-26791",
        "url": "https://access.redhat.com/security/cve/CVE-2025-26791"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-29775",
        "url": "https://access.redhat.com/security/cve/CVE-2025-29775"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
        "url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
      },
      {
        "category": "external",
        "summary": "https://developers.redhat.com/rhdh/overview",
        "url": "https://developers.redhat.com/rhdh/overview"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
        "url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_7626.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Developer Hub 1.6.0 release.",
    "tracking": {
      "current_release_date": "2025-09-25T15:30:36+00:00",
      "generator": {
        "date": "2025-09-25T15:30:36+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.8"
        }
      },
      "id": "RHSA-2025:7626",
      "initial_release_date": "2025-05-14T17:51:56+00:00",
      "revision_history": [
        {
          "date": "2025-05-14T17:51:56+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-08-20T09:36:30+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-09-25T15:30:36+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Developer Hub 1.6",
                "product": {
                  "name": "Red Hat Developer Hub 1.6",
                  "product_id": "Red Hat Developer Hub 1.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhdh:1.6::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Developer Hub"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
                "product": {
                  "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
                  "product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhdh-hub-rhel9@sha256%3Ab6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.6.0-1745956724"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64",
                "product": {
                  "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64",
                  "product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.6.0-1745956395"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
                "product": {
                  "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
                  "product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhdh-operator-bundle@sha256%3A3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.6.0-1745970106"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64 as a component of Red Hat Developer Hub 1.6",
          "product_id": "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
        },
        "product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
        "relates_to_product_reference": "Red Hat Developer Hub 1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64 as a component of Red Hat Developer Hub 1.6",
          "product_id": "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64"
        },
        "product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
        "relates_to_product_reference": "Red Hat Developer Hub 1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64 as a component of Red Hat Developer Hub 1.6",
          "product_id": "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
        },
        "product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64",
        "relates_to_product_reference": "Red Hat Developer Hub 1.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-12905",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2025-03-27T17:02:14.911888+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2355460"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the tar-fs package for Node.js. In affected versions, unauthorized file writes or overwrites outside the intended extraction directory can occur when extracting a maliciously crafted tar file. The issue is associated with index.js in the tar-fs package.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tar-fs: link following and path traversal via maliciously crafted tar file",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as an important severity because it allows attackers to extract a malicious tar file that can write or overwrite files outside the intended directory. This occurs due to improper handling of link resolution and pathname limitations. The risk is high for systems that automatically extract tar files, as it can lead to data corruption or unauthorized file modifications without user interaction.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
          "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-12905"
        },
        {
          "category": "external",
          "summary": "RHBZ#2355460",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355460"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-12905",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905"
        },
        {
          "category": "external",
          "summary": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed",
          "url": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed"
        }
      ],
      "release_date": "2025-03-27T16:25:34.410000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-05-14T17:51:56+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:7626"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tar-fs: link following and path traversal via maliciously crafted tar file"
    },
    {
      "cve": "CVE-2024-21534",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2024-10-11T06:00:50.977825+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2317968"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jsonpath-plus. This vulnerability allows remote code execution via improper input sanitisation and unsafe default usage of the vm module in Node.js. Attackers can exploit this by executing arbitrary code through the unsafe use of the vm module in Node.js, which allows for malicious code injection. This issue occurs due to the way jsonpath-plus evaluates JSON paths using vm, a Node.js module that allows code execution. If user input is not properly sanitized, an attacker can craft JSON paths that execute dangerous commands, such as reading sensitive files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat\u0027s initial impact rating of critical has been downgraded to low. While the vulnerable code is technically still present within Red Hat products, there are no code paths in affected products which allow exploitation. As such, the impact to Red Hat products is low.\n\nEach of the products listed have multiple components where a fixed build could occur. This distinction does not matter for users as only one build needs fixed for the product. Additionally, in Red Hat OpenShift AI, jsonpath-plus is a dependency of a direct dependency and is never loaded, as the direct dependency\u0027s feature that requires jsonpath-plus is not used.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
          "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21534"
        },
        {
          "category": "external",
          "summary": "RHBZ#2317968",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317968"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21534",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21534",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21534"
        },
        {
          "category": "external",
          "summary": "https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3",
          "url": "https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3"
        },
        {
          "category": "external",
          "summary": "https://github.com/JSONPath-Plus/JSONPath/issues/226",
          "url": "https://github.com/JSONPath-Plus/JSONPath/issues/226"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884",
          "url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884"
        }
      ],
      "release_date": "2024-10-11T05:00:01.824000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-05-14T17:51:56+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:7626"
        },
        {
          "category": "workaround",
          "details": "Red Hat Product Security recommends updating the vulnerable software to the latest version.",
          "product_ids": [
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization"
    },
    {
      "cve": "CVE-2025-26791",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-02-14T09:00:45.578144+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2345695"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based Cross-site scripting (mXSS) via an incorrect template literal regular expression.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
          "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-26791"
        },
        {
          "category": "external",
          "summary": "RHBZ#2345695",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345695"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-26791",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791"
        },
        {
          "category": "external",
          "summary": "https://ensy.zip/posts/dompurify-323-bypass/",
          "url": "https://ensy.zip/posts/dompurify-323-bypass/"
        },
        {
          "category": "external",
          "summary": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02",
          "url": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02"
        },
        {
          "category": "external",
          "summary": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4",
          "url": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4"
        },
        {
          "category": "external",
          "summary": "https://nsysean.github.io/posts/dompurify-323-bypass/",
          "url": "https://nsysean.github.io/posts/dompurify-323-bypass/"
        }
      ],
      "release_date": "2025-02-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-05-14T17:51:56+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:7626"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling"
    },
    {
      "cve": "CVE-2025-29775",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "discovery_date": "2025-03-14T18:01:22.409532+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2352600"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the xml-crypto library for Node.js. An attacker can exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto to verify signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
          "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-29775"
        },
        {
          "category": "external",
          "summary": "RHBZ#2352600",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352600"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-29775",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-29775"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-29775",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29775"
        },
        {
          "category": "external",
          "summary": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed",
          "url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed"
        },
        {
          "category": "external",
          "summary": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98",
          "url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98"
        },
        {
          "category": "external",
          "summary": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07",
          "url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07"
        },
        {
          "category": "external",
          "summary": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6",
          "url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6"
        },
        {
          "category": "external",
          "summary": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1",
          "url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1"
        },
        {
          "category": "external",
          "summary": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1",
          "url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1"
        },
        {
          "category": "external",
          "summary": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3",
          "url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3"
        }
      ],
      "release_date": "2025-03-14T17:11:05.590000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-05-14T17:51:56+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:7626"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
            "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment"
    }
  ]
}

CVE-2025-29775 (GCVE-0-2025-29775)

Vulnerability from cvelistv5

Published

2025-03-14 17:11

Modified

2025-03-15 20:45

Severity ?

9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-347 - Improper Verification of Cryptographic Signature

Summary

xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively.

References

▼	URL	Tags
	https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3	x_refsource_CONFIRM
	https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed	x_refsource_MISC
	https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98	x_refsource_MISC
	https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07	x_refsource_MISC
	https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6	x_refsource_MISC
	https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1	x_refsource_MISC
	https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	node-saml	xml-crypto	Version: >= 4.0.0, < 6.0.1 Version: >= 3.0.0, < 3.2.1 Version: < 2.1.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-29775",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-14T18:24:28.395551Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T18:24:53.439Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-03-15T20:45:45.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://workos.com/blog/samlstorm"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xml-crypto",
          "vendor": "node-saml",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 6.0.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.2.1"
            },
            {
              "status": "affected",
              "version": "\u003c 2.1.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-14T17:11:05.590Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1"
        }
      ],
      "source": {
        "advisory": "GHSA-x3m8-899r-f7c3",
        "discovery": "UNKNOWN"
      },
      "title": "xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-29775",
    "datePublished": "2025-03-14T17:11:05.590Z",
    "dateReserved": "2025-03-11T14:23:00.474Z",
    "dateUpdated": "2025-03-15T20:45:45.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12905 (GCVE-0-2024-12905)

Vulnerability from cvelistv5

Published

2025-03-27 16:25

Modified

2025-04-20 15:42

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.

References

▼	URL	Tags
	https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed	patch
	https://www.seal.security/blog/a-link-to-the-past-uncovering-a-new-vulnerability-in-tar-fs	technical-description

Impacted products

	Vendor	Product	Version
			Version: 0.0.0 ≤ Version: 2.0.0 ≤ Version: 3.0.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12905",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-27T18:21:53.061002Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T18:25:53.445Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://registry.npmjs.org",
          "defaultStatus": "unaffected",
          "packageName": "tar-fs",
          "programFiles": [
            "index.js"
          ],
          "repo": "https://github.com/mafintosh/tar-fs",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.16.4",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.16.4",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "2.1.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "2.1.2",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.0.8",
                  "status": "unaffected"
                }
              ],
              "lessThan": "3.0.8",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "@bnbdr"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An \u003cstrong\u003eImproper Link Resolution Before File Access (\"Link Following\")\u003c/strong\u003e and \u003cstrong\u003eImproper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\")\u003c/strong\u003e. This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with \u003ccode\u003eindex.js\u003c/code\u003e in the \u003ccode\u003etar-fs\u003c/code\u003e package.\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.\u003c/p\u003e"
            }
          ],
          "value": "An Improper Link Resolution Before File Access (\"Link Following\") and Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\n\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-132",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-132 Symlink Attack"
            }
          ]
        },
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126 Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-20T15:42:44.814Z",
        "orgId": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
        "shortName": "seal"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.seal.security/blog/a-link-to-the-past-uncovering-a-new-vulnerability-in-tar-fs"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
    "assignerShortName": "seal",
    "cveId": "CVE-2024-12905",
    "datePublished": "2025-03-27T16:25:34.410Z",
    "dateReserved": "2024-12-23T13:53:01.494Z",
    "dateUpdated": "2025-04-20T15:42:44.814Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-26791 (GCVE-0-2025-26791)

Vulnerability from cvelistv5

Published

2025-02-14 00:00

Modified

2025-02-14 15:30

Severity ?

4.5 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Summary

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

References

▼	URL	Tags
	https://github.com/cure53/DOMPurify/releases/tag/3.2.4
	https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02
	https://nsysean.github.io/posts/dompurify-323-bypass/
	https://ensy.zip/posts/dompurify-323-bypass/

Impacted products

	Vendor	Product	Version
	Cure53	DOMPurify	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-26791",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-14T15:30:30.796687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T15:30:49.790Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://ensy.zip/posts/dompurify-323-bypass/"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DOMPurify",
          "vendor": "Cure53",
          "versions": [
            {
              "lessThan": "3.2.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "3.2.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-14T08:21:32.805Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4"
        },
        {
          "url": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02"
        },
        {
          "url": "https://nsysean.github.io/posts/dompurify-323-bypass/"
        },
        {
          "url": "https://ensy.zip/posts/dompurify-323-bypass/"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-26791",
    "datePublished": "2025-02-14T00:00:00.000Z",
    "dateReserved": "2025-02-14T00:00:00.000Z",
    "dateUpdated": "2025-02-14T15:30:49.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21534 (GCVE-0-2024-21534)

Vulnerability from cvelistv5

Published

2024-10-11 05:00

Modified

2024-11-18 10:37

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P

CWE

CWE-94 - Remote Code Execution (RCE)

Summary

All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. **Note:** There were several attempts to fix it in versions [10.0.0-10.1.0](https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0) but it could still be exploited using [different payloads](https://github.com/JSONPath-Plus/JSONPath/issues/226).

References

▼	URL	Tags
	https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884
	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8185019
	https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0
	https://github.com/JSONPath-Plus/JSONPath/issues/226

Impacted products

Vendor

Product

Version

▼

n/a

jsonpath-plus

Version: 0 ≤

n/a

org.webjars.npm:jsonpath-plus

Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:jsonpath-plus:jsonpath:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jsonpath",
            "vendor": "jsonpath-plus",
            "versions": [
              {
                "lessThan": "10.0.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21534",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T14:23:05.262400Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T19:13:34.790Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jsonpath-plus",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "org.webjars.npm:jsonpath-plus",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Andrea Angelo Raineri"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node.\r\r**Note:**\r\rThere were several attempts to fix it in versions [10.0.0-10.1.0](https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0) but it could still be exploited using [different payloads](https://github.com/JSONPath-Plus/JSONPath/issues/226)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Remote Code Execution (RCE)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-18T10:37:45.634Z",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8185019"
        },
        {
          "url": "https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0"
        },
        {
          "url": "https://github.com/JSONPath-Plus/JSONPath/issues/226"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2024-21534",
    "datePublished": "2024-10-11T05:00:01.824Z",
    "dateReserved": "2023-12-22T12:33:20.123Z",
    "dateUpdated": "2024-11-18T10:37:45.634Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2025:7626

Vulnerability from csaf_redhat

CVE-2025-29775 (GCVE-0-2025-29775)

Vulnerability from cvelistv5

CVE-2024-12905 (GCVE-0-2024-12905)

Vulnerability from cvelistv5

CVE-2025-26791 (GCVE-0-2025-26791)

Vulnerability from cvelistv5

CVE-2024-21534 (GCVE-0-2024-21534)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature