CWE-248
AllowedUncaught Exception
Abstraction: Base · Status: Draft
An exception is thrown from a function, but it is not caught.
422 vulnerabilities reference this CWE, most recent first.
GHSA-9JQ5-XWQW-Q8J3
Vulnerability from github – Published: 2023-04-20 22:05 – Updated: 2023-04-20 22:05Impact
It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object.
Patches
The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11.
Workarounds
There is no other workaround other than fixing any way to create a document that fail to load.
References
https://jira.xwiki.org/browse/XWIKI-20460
For more information
If you have any questions or comments about this advisory: * Open an issue in Jira XWiki.org * Email us at Security Mailing List
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-localization-source-wiki"
},
"ranges": [
{
"events": [
{
"introduced": "4.3-milestone-2"
},
{
"fixed": "13.10.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-localization-source-wiki"
},
"ranges": [
{
"events": [
{
"introduced": "14.0-rc-1"
},
{
"fixed": "14.4.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-localization-source-wiki"
},
"ranges": [
{
"events": [
{
"introduced": "14.5"
},
{
"fixed": "14.10.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-29520"
],
"database_specific": {
"cwe_ids": [
"CWE-248",
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2023-04-20T22:05:26Z",
"nvd_published_at": "2023-04-19T00:15:08Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nIt\u0027s possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object.\n\n### Patches\n\nThe vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11.\n\n### Workarounds\n\nThere is no other workaround other than fixing any way to create a document that fail to load.\n\n### References\n\nhttps://jira.xwiki.org/browse/XWIKI-20460\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)",
"id": "GHSA-9jq5-xwqw-q8j3",
"modified": "2023-04-20T22:05:26Z",
"published": "2023-04-20T22:05:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq5-xwqw-q8j3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29520"
},
{
"type": "PACKAGE",
"url": "https://github.com/xwiki/xwiki-platform"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-20460"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "XWiki Platform vulnerable to page render failure due to broken translations"
}
GHSA-9PHM-FM57-RHG8
Vulnerability from github – Published: 2024-06-26 19:26 – Updated: 2024-08-02 15:50Parsing a corrupt or malicious image with invalid color indices can cause a panic.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "golang.org/x/image"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.18.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-24792"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-26T19:26:38Z",
"nvd_published_at": "2024-06-27T18:15:13Z",
"severity": "HIGH"
},
"details": "Parsing a corrupt or malicious image with invalid color indices can cause a panic.",
"id": "GHSA-9phm-fm57-rhg8",
"modified": "2024-08-02T15:50:53Z",
"published": "2024-06-26T19:26:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24792"
},
{
"type": "PACKAGE",
"url": "https://cs.opensource.google/go/x/image"
},
{
"type": "WEB",
"url": "https://go.dev/cl/588115"
},
{
"type": "WEB",
"url": "https://go.dev/issue/67624"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2024-2937"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Panic when parsing invalid palette-color images in golang.org/x/image"
}
GHSA-9QFM-4G6C-76PF
Vulnerability from github – Published: 2023-11-14 21:31 – Updated: 2023-11-14 21:31Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access.
{
"affected": [],
"aliases": [
"CVE-2023-22290"
],
"database_specific": {
"cwe_ids": [
"CWE-248",
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-14T19:15:16Z",
"severity": "MODERATE"
},
"details": "Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access.",
"id": "GHSA-9qfm-4g6c-76pf",
"modified": "2023-11-14T21:31:01Z",
"published": "2023-11-14T21:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22290"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9QRH-QJMC-5W2P
Vulnerability from github – Published: 2022-04-28 20:25 – Updated: 2022-05-03 02:24Affected versions of sqlite3 will experience a fatal error when supplying a specific object in the parameter array. This error causes the application to crash and could not be caught. Users of sqlite3 v5.0.0, v5.0.1 and v5.0.2 are affected by this. This issue is fixed in v5.0.3. All users are recommended to upgrade to v5.0.3 or later. Ensure there is sufficient sanitization in the parent application to protect against invalid values being supplied to binding parameters as a workaround.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "sqlite3"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-21227"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": true,
"github_reviewed_at": "2022-04-28T20:25:23Z",
"nvd_published_at": "2022-05-01T16:15:00Z",
"severity": "HIGH"
},
"details": "Affected versions of sqlite3 will experience a fatal error when supplying a specific object in the parameter array. This error causes the application to crash and could not be caught. Users of `sqlite3` v5.0.0, v5.0.1 and v5.0.2 are affected by this. This issue is fixed in v5.0.3. All users are recommended to upgrade to v5.0.3 or later. Ensure there is sufficient sanitization in the parent application to protect against invalid values being supplied to binding parameters as a workaround.\n",
"id": "GHSA-9qrh-qjmc-5w2p",
"modified": "2022-05-03T02:24:25Z",
"published": "2022-04-28T20:25:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-9qrh-qjmc-5w2p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21227"
},
{
"type": "WEB",
"url": "https://github.com/TryGhost/node-sqlite3/issues/1440"
},
{
"type": "WEB",
"url": "https://github.com/TryGhost/node-sqlite3/issues/1449"
},
{
"type": "WEB",
"url": "https://github.com/TryGhost/node-sqlite3/commit/593c9d498be2510d286349134537e3bf89401c4a"
},
{
"type": "PACKAGE",
"url": "https://github.com/TryGhost/node-sqlite3"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-SQLITE3-2388645"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2805470"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-SQLITE3-2388645"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Denial-of-Service when binding invalid parameters in sqlite3"
}
GHSA-9RMP-2568-59RV
Vulnerability from github – Published: 2024-12-05 17:30 – Updated: 2025-12-26 16:30During a security audit, Radically Open Security discovered several reachable edge cases which allow an attacker to trigger rpgp crashes by providing crafted data.
Impact
When processing malformed input, rpgp can run into Rust panics which halt the program.
This can happen in the following scenarios:
* Parsing OpenPGP messages from binary or armor format
* Decrypting OpenPGP messages via decrypt_with_password()
* Parsing or converting public keys
* Parsing signed cleartext messages from armor format
* Using malformed private keys to sign or encrypt
Given the affected components, we consider most attack vectors to be reachable by remote attackers during typical use cases of the rpgp library. The attack complexity is low since the malformed messages are generic, short, and require no victim-specific knowledge.
The result is a denial-of-service impact via program termination. There is no impact to confidentiality or integrity security properties.
Versions and Patches
All recent versions are affected by at least some of the above mentioned issues.
The vulnerabilities have been fixed with version 0.14.1. We recommend all users to upgrade to this version.
References
The security audit was made possible by the NLnet Foundation NGI Zero Core grant program for rpgp.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "pgp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.14.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-53856"
],
"database_specific": {
"cwe_ids": [
"CWE-130",
"CWE-248",
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-05T17:30:52Z",
"nvd_published_at": "2024-12-05T16:15:26Z",
"severity": "HIGH"
},
"details": "During a security audit, [Radically Open Security](https://www.radicallyopensecurity.com/) discovered several reachable edge cases which allow an attacker to trigger `rpgp` crashes by providing crafted data.\n\n### Impact\nWhen processing malformed input, `rpgp` can run into Rust panics which halt the program.\n\nThis can happen in the following scenarios:\n* Parsing OpenPGP messages from binary or armor format\n* Decrypting OpenPGP messages via `decrypt_with_password()`\n* Parsing or converting public keys\n* Parsing signed cleartext messages from armor format\n* Using malformed private keys to sign or encrypt\n\nGiven the affected components, we consider most attack vectors to be reachable by remote attackers during typical use cases of the `rpgp` library. The attack complexity is low since the malformed messages are generic, short, and require no victim-specific knowledge.\n\nThe result is a denial-of-service impact via program termination. There is no impact to confidentiality or integrity security properties.\n\n### Versions and Patches\nAll recent versions are affected by at least some of the above mentioned issues. \n\nThe vulnerabilities have been fixed with version `0.14.1`. We recommend all users to upgrade to this version.\n\n### References\n\n\nThe security audit was made possible by the [NLnet Foundation NGI Zero Core](https://nlnet.nl/core/) grant program [for rpgp](https://nlnet.nl/project/rPGP-cryptorefresh/).",
"id": "GHSA-9rmp-2568-59rv",
"modified": "2025-12-26T16:30:25Z",
"published": "2024-12-05T17:30:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rpgp/rpgp/security/advisories/GHSA-9rmp-2568-59rv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53856"
},
{
"type": "PACKAGE",
"url": "https://github.com/rpgp/rpgp"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0447.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "rPGP Panics on Malformed Untrusted Input"
}
GHSA-9VGR-8WFF-X9VQ
Vulnerability from github – Published: 2025-02-05 18:34 – Updated: 2025-02-05 18:34A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.
{
"affected": [],
"aliases": [
"CVE-2025-20173"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-05T17:15:24Z",
"severity": "HIGH"
},
"details": "A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.\n\nThis vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.\u0026nbsp;\nThis vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.",
"id": "GHSA-9vgr-8wff-x9vq",
"modified": "2025-02-05T18:34:45Z",
"published": "2025-02-05T18:34:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20173"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-sdxnSUcW"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C467-VF3V-2G2Q
Vulnerability from github – Published: 2024-02-21 21:30 – Updated: 2024-09-27 18:32Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.
{
"affected": [],
"aliases": [
"CVE-2023-6533"
],
"database_specific": {
"cwe_ids": [
"CWE-248",
"CWE-345"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-21T20:15:46Z",
"severity": "MODERATE"
},
"details": "Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.\u00a0",
"id": "GHSA-c467-vf3v-2g2q",
"modified": "2024-09-27T18:32:20Z",
"published": "2024-02-21T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6533"
},
{
"type": "WEB",
"url": "https://community.silabs.com/068Vm000001HdNm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C4CC-X928-VJW9
Vulnerability from github – Published: 2025-12-08 17:57 – Updated: 2025-12-09 19:17Summary
An authentication bypass vulnerability exists due to a flaw in the libxml2 canonicalization process, which is used by xmlseclibs during document transformation. This weakness allows an attacker to generate a valid signature once and reuse it indefinitely. In practice, a signature created during a previous interaction - or through a misconfigured authentication flow - can be replayed to bypass authentication checks.
Details
When libxml2’s canonicalization is invoked on an invalid XML input, it may return an empty string rather than a canonicalized node. xmlseclibs then proceeds to compute the DigestValue over this empty string, treating it as if canonicalization succeeded.
https://github.com/robrichards/xmlseclibs/blob/f4131320c6dcd460f1b0c67f16f8bf24ce4b5c3e/src/XMLSecurityDSig.php#L296
Impact
Digest bypass: By crafting input that causes canonicalization to yield an empty string, the attacker can manipulate validation to pass incorrectly.
Signature replay on empty canonical form: If an empty string has been signed once (e.g., in a prior interaction or via a misconfigured flow), that signature can potentially be replayed to bypass authentication.
Suggested remediation
Treat canonicalization failures (exceptions or nil/empty outputs) as fatal and abort validation. Add explicit checks: reject when canonicalize returns nil/empty or raise
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.1.3"
},
"package": {
"ecosystem": "Packagist",
"name": "robrichards/xmlseclibs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66578"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-08T17:57:33Z",
"nvd_published_at": "2025-12-09T16:18:21Z",
"severity": "MODERATE"
},
"details": "### Summary\nAn authentication bypass vulnerability exists due to a flaw in the libxml2 canonicalization process, which is used by [xmlseclibs](https://github.com/robrichards/xmlseclibs) during document transformation. This weakness allows an attacker to generate a valid signature once and reuse it indefinitely. In practice, a signature created during a previous interaction - or through a misconfigured authentication flow - can be replayed to bypass authentication checks.\n\n### Details\nWhen libxml2\u2019s canonicalization is invoked on an invalid XML input, it may return an empty string rather than a canonicalized node. [xmlseclibs](https://github.com/robrichards/xmlseclibs) then proceeds to compute the DigestValue over this empty string, treating it as if canonicalization succeeded.\n\nhttps://github.com/robrichards/xmlseclibs/blob/f4131320c6dcd460f1b0c67f16f8bf24ce4b5c3e/src/XMLSecurityDSig.php#L296\n\n### Impact\nDigest bypass: By crafting input that causes canonicalization to yield an empty string, the attacker can manipulate validation to pass incorrectly.\n\nSignature replay on empty canonical form: If an empty string has been signed once (e.g., in a prior interaction or via a misconfigured flow), that signature can potentially be replayed to bypass authentication.\n\n### Suggested remediation\nTreat canonicalization failures (exceptions or nil/empty outputs) as fatal and abort validation.\nAdd explicit checks: reject when canonicalize returns nil/empty or raise",
"id": "GHSA-c4cc-x928-vjw9",
"modified": "2025-12-09T19:17:52Z",
"published": "2025-12-08T17:57:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/robrichards/xmlseclibs/security/advisories/GHSA-c4cc-x928-vjw9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66578"
},
{
"type": "WEB",
"url": "https://github.com/robrichards/xmlseclibs/commit/69fd63080bc47a8d51bc101c30b7cb756862d1d6"
},
{
"type": "PACKAGE",
"url": "https://github.com/robrichards/xmlseclibs"
},
{
"type": "WEB",
"url": "https://github.com/robrichards/xmlseclibs/blob/f4131320c6dcd460f1b0c67f16f8bf24ce4b5c3e/src/XMLSecurityDSig.php#L296"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation"
}
GHSA-C85W-X26Q-CH87
Vulnerability from github – Published: 2025-03-01 00:11 – Updated: 2026-02-18 23:47Summary
Improper validation of select fields allows attackers to craft an input that crashes the system, resulting in a 500 status and making the entire site and administration panel unavailable. This clearly impacts the Availability aspect of the CIA triad (confidentiality, integrity, and availability), although the attack still has certain limitations.
Details
The attack involves injecting any invalid user role value. Doing this will change the users data in a way that prevents users and then the entire site from loading. Even though the actual data change is minimal, the error is unrecoverable until a valid role parameter is restored by direct modification of the user account file. Proper validation of select fields will prevent extraneous valid from being accepted and making the entire site and administration panel unavailable.
Patches
- Formwork 2.x (d9f0c1f) adds proper validation to select fields.
Impact
The condition for this attack is having high privileges or Admin access, which means it could be exploited by an Insider Threat. Alternatively, if an attacker gains access to a privileged user account, they can execute the attack as well. Overall, the attack is relatively difficult to carry out, but if successful, the impact and damage would be significant.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "getformwork/formwork"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0-beta.1"
},
{
"fixed": "2.0.0-beta.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1285",
"CWE-248"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-01T00:11:52Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\nImproper validation of select fields allows attackers to craft an input that crashes the system, resulting in a 500 status and making the entire site and administration panel unavailable.\nThis clearly impacts the Availability aspect of the CIA triad (confidentiality, integrity, and availability), although the attack still has certain limitations.\n\n### Details\nThe attack involves injecting any invalid user role value. Doing this will change the users data in a way that prevents users and then the entire site from loading. Even though the actual data change is minimal, the error is unrecoverable until a valid role parameter is restored by direct modification of the user account file.\nProper validation of select fields will prevent extraneous valid from being accepted and making the entire site and administration panel unavailable.\n\n### Patches\n- [**Formwork 2.x** (d9f0c1f)](https://github.com/getformwork/formwork/commit/d9f0c1feb3b9855d5bdc8bb189c0aaab2792e7ca) adds proper validation to select fields.\n\n### Impact\nThe condition for this attack is having high privileges or Admin access, which means it could be exploited by an Insider Threat. Alternatively, if an attacker gains access to a privileged user account, they can execute the attack as well.\nOverall, the attack is relatively difficult to carry out, but if successful, the impact and damage would be significant.",
"id": "GHSA-c85w-x26q-ch87",
"modified": "2026-02-18T23:47:37Z",
"published": "2025-03-01T00:11:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/getformwork/formwork/security/advisories/GHSA-c85w-x26q-ch87"
},
{
"type": "WEB",
"url": "https://github.com/getformwork/formwork/commit/d9f0c1feb3b9855d5bdc8bb189c0aaab2792e7ca"
},
{
"type": "PACKAGE",
"url": "https://github.com/getformwork/formwork"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
"type": "CVSS_V3"
}
],
"summary": "Formwork improperly validates input of User role preventing site and panel availability"
}
GHSA-C8H3-85XM-JXP3
Vulnerability from github – Published: 2024-02-05 21:30 – Updated: 2024-02-12 18:31StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service.
{
"affected": [],
"aliases": [
"CVE-2023-27318"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-05T21:15:10Z",
"severity": "MODERATE"
},
"details": "StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through \n11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A \nsuccessful exploit could lead to a crash of the Local Distribution \nRouter (LDR) service.\n\n",
"id": "GHSA-c8h3-85xm-jxp3",
"modified": "2024-02-12T18:31:07Z",
"published": "2024-02-05T21:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27318"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/NTAP-20240202-0012"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.