https://db.gcve.eu/sightings/feedMost recent sightings.2026-05-14T16:54:10.516309+00:00Vulnerability-Lookupinfo@gcve.eupython-feedgenContains only the most 10 recent sightings.https://db.gcve.eu/sighting/21dff982-125a-4b11-a32d-22a203043f4d/export21dff982-125a-4b11-a32d-22a203043f4d2026-05-14T16:54:10.902541+00:00cedrichttp://db.gcve.eu/user/cedric{"uuid": "21dff982-125a-4b11-a32d-22a203043f4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-MM6V-68QP-F9FW", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4172", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-mm6v-68qp-f9fw\n\ud83d\udd25 CVSS Score: 9.8 (CVSS_V3)\n\ud83d\udd39 Description: ### Impact\n\nRemote code execution may be possible in web-accessible installations of Homarus in certain configurations.\n\n### Patches\n\nThe issue has been patched in `islandora/crayfish:4.1.0`\n\n### Workarounds\n\nThe exploit requires making a request against the Homarus's `/convert` endpoint; therefore, the ability to exploit is much reduced if the microservice is not directly accessible from the Internet, so: Prevent general access from the Internet from hitting Homarus.\n\nConfigure auth in Crayfish to be more strongly required, such that requests with `Authorization` headers that do not validate are rejected before the problematic CLI interpolation occurs.\n\n### References\n\n- XBOW-024-071\n\ud83d\udccf Published: 2025-01-15T22:04:19Z\n\ud83d\udccf Modified: 2025-02-13T00:44:33Z\n\ud83d\udd17 References:\n1. https://github.com/Islandora/Crayfish/security/advisories/GHSA-mm6v-68qp-f9fw\n2. https://github.com/Islandora/Crayfish/commit/64cb4cec688928798cc40e6f0a0e863d7f69fd89\n3. https://github.com/Islandora/Crayfish", "creation_timestamp": "2025-02-13T01:08:08.000000Z"}2025-02-13T01:08:08+00:00https://db.gcve.eu/sighting/1225044c-2af4-4c8d-9135-4e5b7856a692/export1225044c-2af4-4c8d-9135-4e5b7856a6922026-05-14T16:54:10.902454+00:00cedrichttp://db.gcve.eu/user/cedric{"uuid": "1225044c-2af4-4c8d-9135-4e5b7856a692", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-MM6V-68QP-F9FW", "type": "seen", "source": "Telegram/r090prh8PzjJEh682vcQnlDcJfJK4dwz44titdcQaapqPXQ", "content": "", "creation_timestamp": "2025-02-13T03:00:57.000000Z"}2025-02-13T03:00:57+00:00https://db.gcve.eu/sighting/439f3adb-fdd4-489f-83a9-f1da4a62eff2/export439f3adb-fdd4-489f-83a9-f1da4a62eff22026-05-14T16:54:10.901280+00:00cedrichttp://db.gcve.eu/user/cedric{"uuid": "439f3adb-fdd4-489f-83a9-f1da4a62eff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-mm6v-68qp-f9fw", "type": "seen", "source": "https://bsky.app/profile/vulns.bsky.social/post/3ligb6gmskk2g", "content": "", "creation_timestamp": "2025-02-18T02:56:16.318906Z"}2025-02-18T02:56:16.318906+00:00