Common Weakness Enumeration

CWE-248

Allowed

Uncaught Exception

Abstraction: Base · Status: Draft

An exception is thrown from a function, but it is not caught.

422 vulnerabilities reference this CWE, most recent first.

GHSA-9JQ5-XWQW-Q8J3

Vulnerability from github – Published: 2023-04-20 22:05 – Updated: 2023-04-20 22:05
VLAI
Summary
XWiki Platform vulnerable to page render failure due to broken translations
Details

Impact

It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object.

Patches

The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11.

Workarounds

There is no other workaround other than fixing any way to create a document that fail to load.

References

https://jira.xwiki.org/browse/XWIKI-20460

For more information

If you have any questions or comments about this advisory: * Open an issue in Jira XWiki.org * Email us at Security Mailing List

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-localization-source-wiki"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.3-milestone-2"
            },
            {
              "fixed": "13.10.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-localization-source-wiki"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "14.0-rc-1"
            },
            {
              "fixed": "14.4.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-localization-source-wiki"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "14.5"
            },
            {
              "fixed": "14.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-29520"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248",
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-20T22:05:26Z",
    "nvd_published_at": "2023-04-19T00:15:08Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nIt\u0027s possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object.\n\n### Patches\n\nThe vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11.\n\n### Workarounds\n\nThere is no other workaround other than fixing any way to create a document that fail to load.\n\n### References\n\nhttps://jira.xwiki.org/browse/XWIKI-20460\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)",
  "id": "GHSA-9jq5-xwqw-q8j3",
  "modified": "2023-04-20T22:05:26Z",
  "published": "2023-04-20T22:05:26Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq5-xwqw-q8j3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29520"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-20460"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "XWiki Platform vulnerable to page render failure due to broken translations"
}

GHSA-9PHM-FM57-RHG8

Vulnerability from github – Published: 2024-06-26 19:26 – Updated: 2024-08-02 15:50
VLAI
Summary
Panic when parsing invalid palette-color images in golang.org/x/image
Details

Parsing a corrupt or malicious image with invalid color indices can cause a panic.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "golang.org/x/image"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.18.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-24792"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-26T19:26:38Z",
    "nvd_published_at": "2024-06-27T18:15:13Z",
    "severity": "HIGH"
  },
  "details": "Parsing a corrupt or malicious image with invalid color indices can cause a panic.",
  "id": "GHSA-9phm-fm57-rhg8",
  "modified": "2024-08-02T15:50:53Z",
  "published": "2024-06-26T19:26:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24792"
    },
    {
      "type": "PACKAGE",
      "url": "https://cs.opensource.google/go/x/image"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/588115"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/issue/67624"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2024-2937"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Panic when parsing invalid palette-color images in golang.org/x/image"
}

GHSA-9QFM-4G6C-76PF

Vulnerability from github – Published: 2023-11-14 21:31 – Updated: 2023-11-14 21:31
VLAI
Details

Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-22290"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248",
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-14T19:15:16Z",
    "severity": "MODERATE"
  },
  "details": "Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access.",
  "id": "GHSA-9qfm-4g6c-76pf",
  "modified": "2023-11-14T21:31:01Z",
  "published": "2023-11-14T21:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22290"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9QRH-QJMC-5W2P

Vulnerability from github – Published: 2022-04-28 20:25 – Updated: 2022-05-03 02:24
VLAI
Summary
Denial-of-Service when binding invalid parameters in sqlite3
Details

Affected versions of sqlite3 will experience a fatal error when supplying a specific object in the parameter array. This error causes the application to crash and could not be caught. Users of sqlite3 v5.0.0, v5.0.1 and v5.0.2 are affected by this. This issue is fixed in v5.0.3. All users are recommended to upgrade to v5.0.3 or later. Ensure there is sufficient sanitization in the parent application to protect against invalid values being supplied to binding parameters as a workaround.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "sqlite3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-21227"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-28T20:25:23Z",
    "nvd_published_at": "2022-05-01T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Affected versions of sqlite3 will experience a fatal error when supplying a specific object in the parameter array. This error causes the application to crash and could not be caught. Users of `sqlite3` v5.0.0, v5.0.1 and v5.0.2 are affected by this. This issue is fixed in v5.0.3. All users are recommended to upgrade to v5.0.3 or later. Ensure there is sufficient sanitization in the parent application to protect against invalid values being supplied to binding parameters as a workaround.\n",
  "id": "GHSA-9qrh-qjmc-5w2p",
  "modified": "2022-05-03T02:24:25Z",
  "published": "2022-04-28T20:25:23Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-9qrh-qjmc-5w2p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21227"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TryGhost/node-sqlite3/issues/1440"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TryGhost/node-sqlite3/issues/1449"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TryGhost/node-sqlite3/commit/593c9d498be2510d286349134537e3bf89401c4a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/TryGhost/node-sqlite3"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-SQLITE3-2388645"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2805470"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-SQLITE3-2388645"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Denial-of-Service when binding invalid parameters in sqlite3"
}

GHSA-9RMP-2568-59RV

Vulnerability from github – Published: 2024-12-05 17:30 – Updated: 2025-12-26 16:30
VLAI
Summary
rPGP Panics on Malformed Untrusted Input
Details

During a security audit, Radically Open Security discovered several reachable edge cases which allow an attacker to trigger rpgp crashes by providing crafted data.

Impact

When processing malformed input, rpgp can run into Rust panics which halt the program.

This can happen in the following scenarios: * Parsing OpenPGP messages from binary or armor format * Decrypting OpenPGP messages via decrypt_with_password() * Parsing or converting public keys * Parsing signed cleartext messages from armor format * Using malformed private keys to sign or encrypt

Given the affected components, we consider most attack vectors to be reachable by remote attackers during typical use cases of the rpgp library. The attack complexity is low since the malformed messages are generic, short, and require no victim-specific knowledge.

The result is a denial-of-service impact via program termination. There is no impact to confidentiality or integrity security properties.

Versions and Patches

All recent versions are affected by at least some of the above mentioned issues.

The vulnerabilities have been fixed with version 0.14.1. We recommend all users to upgrade to this version.

References

The security audit was made possible by the NLnet Foundation NGI Zero Core grant program for rpgp.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "pgp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.14.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-53856"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-130",
      "CWE-248",
      "CWE-617"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-05T17:30:52Z",
    "nvd_published_at": "2024-12-05T16:15:26Z",
    "severity": "HIGH"
  },
  "details": "During a security audit, [Radically Open Security](https://www.radicallyopensecurity.com/) discovered several reachable edge cases which allow an attacker to trigger `rpgp` crashes by providing crafted data.\n\n### Impact\nWhen processing malformed input, `rpgp` can run into Rust panics which halt the program.\n\nThis can happen in the following scenarios:\n* Parsing OpenPGP messages from binary or armor format\n* Decrypting OpenPGP messages via `decrypt_with_password()`\n* Parsing or converting public keys\n* Parsing signed cleartext messages from armor format\n* Using malformed private keys to sign or encrypt\n\nGiven the affected components, we consider most attack vectors to be reachable by remote attackers during typical use cases of the `rpgp` library. The attack complexity is low since the malformed messages are generic, short, and require no victim-specific knowledge.\n\nThe result is a denial-of-service impact via program termination. There is no impact to confidentiality or integrity security properties.\n\n### Versions and Patches\nAll recent versions are affected by at least some of the above mentioned issues. \n\nThe vulnerabilities have been fixed with version `0.14.1`. We recommend all users to upgrade to this version.\n\n### References\n\n\nThe security audit was made possible by the [NLnet Foundation NGI Zero Core](https://nlnet.nl/core/) grant program [for rpgp](https://nlnet.nl/project/rPGP-cryptorefresh/).",
  "id": "GHSA-9rmp-2568-59rv",
  "modified": "2025-12-26T16:30:25Z",
  "published": "2024-12-05T17:30:52Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rpgp/rpgp/security/advisories/GHSA-9rmp-2568-59rv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53856"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rpgp/rpgp"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2024-0447.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "rPGP Panics on Malformed Untrusted Input"
}

GHSA-9VGR-8WFF-X9VQ

Vulnerability from github – Published: 2025-02-05 18:34 – Updated: 2025-02-05 18:34
VLAI
Details

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.

This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.  This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20173"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-05T17:15:24Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.\n\nThis vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.\u0026nbsp;\nThis vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.",
  "id": "GHSA-9vgr-8wff-x9vq",
  "modified": "2025-02-05T18:34:45Z",
  "published": "2025-02-05T18:34:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20173"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-sdxnSUcW"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C467-VF3V-2G2Q

Vulnerability from github – Published: 2024-02-21 21:30 – Updated: 2024-09-27 18:32
VLAI
Details

Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier. 

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6533"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248",
      "CWE-345"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-21T20:15:46Z",
    "severity": "MODERATE"
  },
  "details": "Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.\u00a0",
  "id": "GHSA-c467-vf3v-2g2q",
  "modified": "2024-09-27T18:32:20Z",
  "published": "2024-02-21T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6533"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/068Vm000001HdNm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C4CC-X928-VJW9

Vulnerability from github – Published: 2025-12-08 17:57 – Updated: 2025-12-09 19:17
VLAI
Summary
robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation
Details

Summary

An authentication bypass vulnerability exists due to a flaw in the libxml2 canonicalization process, which is used by xmlseclibs during document transformation. This weakness allows an attacker to generate a valid signature once and reuse it indefinitely. In practice, a signature created during a previous interaction - or through a misconfigured authentication flow - can be replayed to bypass authentication checks.

Details

When libxml2’s canonicalization is invoked on an invalid XML input, it may return an empty string rather than a canonicalized node. xmlseclibs then proceeds to compute the DigestValue over this empty string, treating it as if canonicalization succeeded.

https://github.com/robrichards/xmlseclibs/blob/f4131320c6dcd460f1b0c67f16f8bf24ce4b5c3e/src/XMLSecurityDSig.php#L296

Impact

Digest bypass: By crafting input that causes canonicalization to yield an empty string, the attacker can manipulate validation to pass incorrectly.

Signature replay on empty canonical form: If an empty string has been signed once (e.g., in a prior interaction or via a misconfigured flow), that signature can potentially be replayed to bypass authentication.

Suggested remediation

Treat canonicalization failures (exceptions or nil/empty outputs) as fatal and abort validation. Add explicit checks: reject when canonicalize returns nil/empty or raise

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.1.3"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "robrichards/xmlseclibs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-66578"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-08T17:57:33Z",
    "nvd_published_at": "2025-12-09T16:18:21Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nAn authentication bypass vulnerability exists due to a flaw in the libxml2 canonicalization process, which is used by [xmlseclibs](https://github.com/robrichards/xmlseclibs) during document transformation. This weakness allows an attacker to generate a valid signature once and reuse it indefinitely. In practice, a signature created during a previous interaction - or through a misconfigured authentication flow - can be replayed to bypass authentication checks.\n\n### Details\nWhen libxml2\u2019s canonicalization is invoked on an invalid XML input, it may return an empty string rather than a canonicalized node. [xmlseclibs](https://github.com/robrichards/xmlseclibs) then proceeds to compute the DigestValue over this empty string, treating it as if canonicalization succeeded.\n\nhttps://github.com/robrichards/xmlseclibs/blob/f4131320c6dcd460f1b0c67f16f8bf24ce4b5c3e/src/XMLSecurityDSig.php#L296\n\n### Impact\nDigest bypass: By crafting input that causes canonicalization to yield an empty string, the attacker can manipulate validation to pass incorrectly.\n\nSignature replay on empty canonical form: If an empty string has been signed once (e.g., in a prior interaction or via a misconfigured flow), that signature can potentially be replayed to bypass authentication.\n\n### Suggested remediation\nTreat canonicalization failures (exceptions or nil/empty outputs) as fatal and abort validation.\nAdd explicit checks: reject when canonicalize returns nil/empty or raise",
  "id": "GHSA-c4cc-x928-vjw9",
  "modified": "2025-12-09T19:17:52Z",
  "published": "2025-12-08T17:57:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/robrichards/xmlseclibs/security/advisories/GHSA-c4cc-x928-vjw9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66578"
    },
    {
      "type": "WEB",
      "url": "https://github.com/robrichards/xmlseclibs/commit/69fd63080bc47a8d51bc101c30b7cb756862d1d6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/robrichards/xmlseclibs"
    },
    {
      "type": "WEB",
      "url": "https://github.com/robrichards/xmlseclibs/blob/f4131320c6dcd460f1b0c67f16f8bf24ce4b5c3e/src/XMLSecurityDSig.php#L296"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation"
}

GHSA-C85W-X26Q-CH87

Vulnerability from github – Published: 2025-03-01 00:11 – Updated: 2026-02-18 23:47
VLAI
Summary
Formwork improperly validates input of User role preventing site and panel availability
Details

Summary

Improper validation of select fields allows attackers to craft an input that crashes the system, resulting in a 500 status and making the entire site and administration panel unavailable. This clearly impacts the Availability aspect of the CIA triad (confidentiality, integrity, and availability), although the attack still has certain limitations.

Details

The attack involves injecting any invalid user role value. Doing this will change the users data in a way that prevents users and then the entire site from loading. Even though the actual data change is minimal, the error is unrecoverable until a valid role parameter is restored by direct modification of the user account file. Proper validation of select fields will prevent extraneous valid from being accepted and making the entire site and administration panel unavailable.

Patches

Impact

The condition for this attack is having high privileges or Admin access, which means it could be exploited by an Insider Threat. Alternatively, if an attacker gains access to a privileged user account, they can execute the attack as well. Overall, the attack is relatively difficult to carry out, but if successful, the impact and damage would be significant.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "getformwork/formwork"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0-beta.1"
            },
            {
              "fixed": "2.0.0-beta.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1285",
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-01T00:11:52Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nImproper validation of select fields allows attackers to craft an input that crashes the system, resulting in a 500 status and making the entire site and administration panel unavailable.\nThis clearly impacts the Availability aspect of the CIA triad (confidentiality, integrity, and availability), although the attack still has certain limitations.\n\n### Details\nThe attack involves injecting any invalid user role value. Doing this will change the users data in a way that prevents users and then the entire site from loading. Even though the actual data change is minimal, the error is unrecoverable until a valid role parameter is restored by direct modification of the user account file.\nProper validation of select fields will prevent extraneous valid from being accepted and making the entire site and administration panel unavailable.\n\n### Patches\n- [**Formwork 2.x** (d9f0c1f)](https://github.com/getformwork/formwork/commit/d9f0c1feb3b9855d5bdc8bb189c0aaab2792e7ca) adds proper validation to select fields.\n\n### Impact\nThe condition for this attack is having high privileges or Admin access, which means it could be exploited by an Insider Threat. Alternatively, if an attacker gains access to a privileged user account, they can execute the attack as well.\nOverall, the attack is relatively difficult to carry out, but if successful, the impact and damage would be significant.",
  "id": "GHSA-c85w-x26q-ch87",
  "modified": "2026-02-18T23:47:37Z",
  "published": "2025-03-01T00:11:52Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/getformwork/formwork/security/advisories/GHSA-c85w-x26q-ch87"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getformwork/formwork/commit/d9f0c1feb3b9855d5bdc8bb189c0aaab2792e7ca"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/getformwork/formwork"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Formwork improperly validates input of User role preventing site and panel availability"
}

GHSA-C8H3-85XM-JXP3

Vulnerability from github – Published: 2024-02-05 21:30 – Updated: 2024-02-12 18:31
VLAI
Details

StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-27318"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-05T21:15:10Z",
    "severity": "MODERATE"
  },
  "details": "StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through \n11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A \nsuccessful exploit could lead to a crash of the Local Distribution \nRouter (LDR) service.\n\n",
  "id": "GHSA-c8h3-85xm-jxp3",
  "modified": "2024-02-12T18:31:07Z",
  "published": "2024-02-05T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27318"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/NTAP-20240202-0012"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.