Common Weakness Enumeration

CWE-1284

Allowed

Improper Validation of Specified Quantity in Input

Abstraction: Base · Status: Incomplete

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

493 vulnerabilities reference this CWE, most recent first.

GHSA-R843-RVX7-3RJG

Vulnerability from github – Published: 2026-06-05 09:33 – Updated: 2026-06-05 09:33
VLAI
Details

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted.

This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.3.

No patched version is available - the vendor has applied a fix to an existing release without publishing a new version. While the patch provided by the vendor is valid, releasing it under the existing version number leaves users unable to reliably determine whether they are running a patched or vulnerable installation. As a result, we treat this as an unpatched version.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-49777"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-05T09:16:26Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted.\n\nThis issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.3.\n\nNo patched version is available - the vendor has applied a fix to an existing release without publishing a new version. While the patch provided by the vendor is valid, releasing it under the existing version number leaves users unable to reliably determine whether they are running a patched or vulnerable installation. As a result, we treat this as an unpatched version.",
  "id": "GHSA-r843-rvx7-3rjg",
  "modified": "2026-06-05T09:33:46Z",
  "published": "2026-06-05T09:33:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49777"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/woo-product-slider-pro/vulnerability/wordpress-product-slider-pro-for-woocommerce-plugin-3-5-2-backdoor-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R8J3-WHR2-75M5

Vulnerability from github – Published: 2025-11-26 06:31 – Updated: 2025-12-06 03:30
VLAI
Details

In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Control flow proceeds even when a number of pixels becomes negative.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59820"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-26T06:15:45Z",
    "severity": "MODERATE"
  },
  "details": "In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Control flow proceeds even when a number of pixels becomes negative.",
  "id": "GHSA-r8j3-whr2-75m5",
  "modified": "2025-12-06T03:30:15Z",
  "published": "2025-11-26T06:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59820"
    },
    {
      "type": "WEB",
      "url": "https://invent.kde.org/graphics/krita"
    },
    {
      "type": "WEB",
      "url": "https://invent.kde.org/graphics/krita/-/commit/6d3651ac4df88efb68e013d21061de9846e83fe8"
    },
    {
      "type": "WEB",
      "url": "https://kde.org/info/security/advisory-20250929-1.txt"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00006.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RCMV-JXXQ-GGJW

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-05-27 15:33
VLAI
Details

IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-7254"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:35Z",
    "severity": "MODERATE"
  },
  "details": "IBM OPENBMC FW1110.00 through FW1110.11\u00a0is vulnerable to denial of service attacks by unauthenticated network users.",
  "id": "GHSA-rcmv-jxxq-ggjw",
  "modified": "2026-05-27T15:33:25Z",
  "published": "2026-05-27T15:33:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7254"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7272993"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RF7C-6JWQ-822H

Vulnerability from github – Published: 2026-07-13 12:35 – Updated: 2026-07-13 12:35
VLAI
Details

Improper Validation of Specified Quantity in Input vulnerability in WPDeveloper Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More better-payment allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More: from n/a through <= 2.2.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-57364"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-13T10:16:29Z",
    "severity": "MODERATE"
  },
  "details": "Improper Validation of Specified Quantity in Input vulnerability in WPDeveloper Better Payment \u2013 Instant Payments, Donations, Fundraising with Subscriptions \u0026amp; More better-payment allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Better Payment \u2013 Instant Payments, Donations, Fundraising with Subscriptions \u0026amp; More: from n/a through \u003c= 2.2.0.",
  "id": "GHSA-rf7c-6jwq-822h",
  "modified": "2026-07-13T12:35:01Z",
  "published": "2026-07-13T12:35:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57364"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/better-payment/vulnerability/wordpress-better-payment-instant-payments-donations-fundraising-with-subscriptions-more-plugin-2-2-0-other-vulnerability-type-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RGG5-26HX-FPH3

Vulnerability from github – Published: 2025-02-12 00:32 – Updated: 2025-02-12 00:32
VLAI
Details

Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20508"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-12T00:15:07Z",
    "severity": "MODERATE"
  },
  "details": "Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability.",
  "id": "GHSA-rgg5-26hx-fph3",
  "modified": "2025-02-12T00:32:17Z",
  "published": "2025-02-12T00:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20508"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RMG2-F698-WQ35

Vulnerability from github – Published: 2022-11-21 21:53 – Updated: 2022-11-21 21:53
VLAI
Summary
`tf.raw_ops.Mfcc` crashes
Details

Impact

If ThreadUnsafeUnigramCandidateSampler is given input filterbank_channel_count greater than the allowed max size, TensorFlow will crash.

import tensorflow as tf
tf.raw_ops.Mfcc(
    spectrogram = [[[1.38, 6.32, 5.75, 9.51]]],
    sample_rate = 2,
    upper_frequency_limit = 5.0,
    lower_frequency_limit = 1.0,
    filterbank_channel_count = 2**31 - 1,
    dct_coefficient_count = 1
)

Patches

We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860.

The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by Vul AI.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.8.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.10.0"
            },
            {
              "fixed": "2.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.8.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.8.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.10.0"
            },
            {
              "fixed": "2.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.10.0"
            },
            {
              "fixed": "2.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-41896"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-21T21:53:52Z",
    "nvd_published_at": "2022-11-18T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nIf [`ThreadUnsafeUnigramCandidateSampler`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc) is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash.\n\n```python\nimport tensorflow as tf\ntf.raw_ops.Mfcc(\n    spectrogram = [[[1.38, 6.32, 5.75, 9.51]]],\n    sample_rate = 2,\n    upper_frequency_limit = 5.0,\n    lower_frequency_limit = 1.0,\n    filterbank_channel_count = 2**31 - 1,\n    dct_coefficient_count = 1\n)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [39ec7eaf1428e90c37787e5b3fbd68ebd3c48860](https://github.com/tensorflow/tensorflow/commit/39ec7eaf1428e90c37787e5b3fbd68ebd3c48860).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Vul AI.\n",
  "id": "GHSA-rmg2-f698-wq35",
  "modified": "2022-11-21T21:53:52Z",
  "published": "2022-11-21T21:53:52Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41896"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/39ec7eaf1428e90c37787e5b3fbd68ebd3c48860"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "`tf.raw_ops.Mfcc` crashes"
}

GHSA-RP75-JG2C-FRM4

Vulnerability from github – Published: 2026-04-09 00:32 – Updated: 2026-04-09 00:32
VLAI
Details

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1092"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-08T23:16:57Z",
    "severity": "HIGH"
  },
  "details": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads.",
  "id": "GHSA-rp75-jg2c-frm4",
  "modified": "2026-04-09T00:32:01Z",
  "published": "2026-04-09T00:32:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1092"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/3487030"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/586479"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RR5Q-3XWR-F323

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-07-01 19:09
VLAI
Summary
Keycloak Vulnerable to Improper Validation of Specified Quantity in Input
Details

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client credentials. This allows the user to gain the permissions of the client's service account, leading to privilege escalation.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-server-spi-private"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "26.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "26.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-9704"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-01T19:09:45Z",
    "nvd_published_at": "2026-05-27T14:17:40Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client credentials. This allows the user to gain the permissions of the client\u0027s service account, leading to privilege escalation.",
  "id": "GHSA-rr5q-3xwr-f323",
  "modified": "2026-07-01T19:09:45Z",
  "published": "2026-05-27T15:33:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9704"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/issues/49435"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/pull/49472"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/commit/f1e5b7776c42938d0782fd5846346b8f75c815e6"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:25097"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:25098"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:30049"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:30050"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-9704"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481877"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keycloak Vulnerable to Improper Validation of Specified Quantity in Input"
}

GHSA-RRGF-J5XJ-H9HC

Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35
VLAI
Details

sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-55706"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-17T13:20:52Z",
    "severity": "MODERATE"
  },
  "details": "sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.",
  "id": "GHSA-rrgf-j5xj-h9hc",
  "modified": "2026-06-17T18:35:52Z",
  "published": "2026-06-17T18:35:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55706"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openbsd/src/commit/076e2b1c1fc4ac0883a72d3544131ad5cee7adf8"
    },
    {
      "type": "WEB",
      "url": "https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html"
    },
    {
      "type": "WEB",
      "url": "https://blog.argus-systems.ai/blog/poc-001-pap-bypass.py"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/06/16/9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RWV9-WGMX-5VQ4

Vulnerability from github – Published: 2026-02-25 21:31 – Updated: 2026-02-25 21:31
VLAI
Details

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under certain conditions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14511"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-25T21:16:30Z",
    "severity": "HIGH"
  },
  "details": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under certain conditions.",
  "id": "GHSA-rwv9-wgmx-5vq4",
  "modified": "2026-02-25T21:31:19Z",
  "published": "2026-02-25T21:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14511"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/3452200"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/583717"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

No CAPEC attack patterns related to this CWE.