https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 14 May 2026 16:54:10 +0000 https://db.gcve.eu/sighting/21dff982-125a-4b11-a32d-22a203043f4d/export {"uuid": "21dff982-125a-4b11-a32d-22a203043f4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-MM6V-68QP-F9FW", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4172", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-mm6v-68qp-f9fw\n\ud83d\udd25 CVSS Score: 9.8 (CVSS_V3)\n\ud83d\udd39 Description: ### Impact\n\nRemote code execution may be possible in web-accessible installations of Homarus in certain configurations.\n\n### Patches\n\nThe issue has been patched in `islandora/crayfish:4.1.0`\n\n### Workarounds\n\nThe exploit requires making a request against the Homarus's `/convert` endpoint; therefore, the ability to exploit is much reduced if the microservice is not directly accessible from the Internet, so: Prevent general access from the Internet from hitting Homarus.\n\nConfigure auth in Crayfish to be more strongly required, such that requests with `Authorization` headers that do not validate are rejected before the problematic CLI interpolation occurs.\n\n### References\n\n- XBOW-024-071\n\ud83d\udccf Published: 2025-01-15T22:04:19Z\n\ud83d\udccf Modified: 2025-02-13T00:44:33Z\n\ud83d\udd17 References:\n1. https://github.com/Islandora/Crayfish/security/advisories/GHSA-mm6v-68qp-f9fw\n2. https://github.com/Islandora/Crayfish/commit/64cb4cec688928798cc40e6f0a0e863d7f69fd89\n3. https://github.com/Islandora/Crayfish", "creation_timestamp": "2025-02-13T01:08:08.000000Z"} {"uuid": "21dff982-125a-4b11-a32d-22a203043f4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-MM6V-68QP-F9FW", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4172", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-mm6v-68qp-f9fw\n\ud83d\udd25 CVSS Score: 9.8 (CVSS_V3)\n\ud83d\udd39 Description: ### Impact\n\nRemote code execution may be possible in web-accessible installations of Homarus in certain configurations.\n\n### Patches\n\nThe issue has been patched in `islandora/crayfish:4.1.0`\n\n### Workarounds\n\nThe exploit requires making a request against the Homarus's `/convert` endpoint; therefore, the ability to exploit is much reduced if the microservice is not directly accessible from the Internet, so: Prevent general access from the Internet from hitting Homarus.\n\nConfigure auth in Crayfish to be more strongly required, such that requests with `Authorization` headers that do not validate are rejected before the problematic CLI interpolation occurs.\n\n### References\n\n- XBOW-024-071\n\ud83d\udccf Published: 2025-01-15T22:04:19Z\n\ud83d\udccf Modified: 2025-02-13T00:44:33Z\n\ud83d\udd17 References:\n1. https://github.com/Islandora/Crayfish/security/advisories/GHSA-mm6v-68qp-f9fw\n2. https://github.com/Islandora/Crayfish/commit/64cb4cec688928798cc40e6f0a0e863d7f69fd89\n3. https://github.com/Islandora/Crayfish", "creation_timestamp": "2025-02-13T01:08:08.000000Z"} https://db.gcve.eu/sighting/21dff982-125a-4b11-a32d-22a203043f4d/export Thu, 13 Feb 2025 01:08:08 +0000 https://db.gcve.eu/sighting/1225044c-2af4-4c8d-9135-4e5b7856a692/export {"uuid": "1225044c-2af4-4c8d-9135-4e5b7856a692", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-MM6V-68QP-F9FW", "type": "seen", "source": "Telegram/r090prh8PzjJEh682vcQnlDcJfJK4dwz44titdcQaapqPXQ", "content": "", "creation_timestamp": "2025-02-13T03:00:57.000000Z"} {"uuid": "1225044c-2af4-4c8d-9135-4e5b7856a692", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-MM6V-68QP-F9FW", "type": "seen", "source": "Telegram/r090prh8PzjJEh682vcQnlDcJfJK4dwz44titdcQaapqPXQ", "content": "", "creation_timestamp": "2025-02-13T03:00:57.000000Z"} https://db.gcve.eu/sighting/1225044c-2af4-4c8d-9135-4e5b7856a692/export Thu, 13 Feb 2025 03:00:57 +0000 https://db.gcve.eu/sighting/439f3adb-fdd4-489f-83a9-f1da4a62eff2/export {"uuid": "439f3adb-fdd4-489f-83a9-f1da4a62eff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-mm6v-68qp-f9fw", "type": "seen", "source": "https://bsky.app/profile/vulns.bsky.social/post/3ligb6gmskk2g", "content": "", "creation_timestamp": "2025-02-18T02:56:16.318906Z"} {"uuid": "439f3adb-fdd4-489f-83a9-f1da4a62eff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-mm6v-68qp-f9fw", "type": "seen", "source": "https://bsky.app/profile/vulns.bsky.social/post/3ligb6gmskk2g", "content": "", "creation_timestamp": "2025-02-18T02:56:16.318906Z"} https://db.gcve.eu/sighting/439f3adb-fdd4-489f-83a9-f1da4a62eff2/export Tue, 18 Feb 2025 02:56:16 +0000