CWE-1288
AllowedImproper Validation of Consistency within Input
Abstraction: Base · Status: Incomplete
The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.
44 vulnerabilities reference this CWE, most recent first.
GHSA-8HP2-QMC6-F97H
Vulnerability from github – Published: 2026-05-01 15:30 – Updated: 2026-06-30 03:36In the Linux kernel, the following vulnerability has been resolved:
smb: client: validate the whole DACL before rewriting it in cifsacl
build_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a server-supplied dacloffset and then use the incoming ACL to rebuild the chmod/chown security descriptor.
The original fix only checked that the struct smb_acl header fits before reading dacl_ptr->size or dacl_ptr->num_aces. That avoids the immediate header-field OOB read, but the rewrite helpers still walk ACEs based on pdacl->num_aces with no structural validation of the incoming DACL body.
A malicious server can return a truncated DACL that still contains a header, claims one or more ACEs, and then drive replace_sids_and_copy_aces() or set_chmod_dacl() past the validated extent while they compare or copy attacker-controlled ACEs.
Factor the DACL structural checks into validate_dacl(), extend them to validate each ACE against the DACL bounds, and use the shared validator before the chmod/chown rebuild paths. parse_dacl() reuses the same validator so the read-side parser and write-side rewrite paths agree on what constitutes a well-formed incoming DACL.
{
"affected": [],
"aliases": [
"CVE-2026-31709"
],
"database_specific": {
"cwe_ids": [
"CWE-1288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-01T14:16:20Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: validate the whole DACL before rewriting it in cifsacl\n\nbuild_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a\nserver-supplied dacloffset and then use the incoming ACL to rebuild the\nchmod/chown security descriptor.\n\nThe original fix only checked that the struct smb_acl header fits before\nreading dacl_ptr-\u003esize or dacl_ptr-\u003enum_aces. That avoids the immediate\nheader-field OOB read, but the rewrite helpers still walk ACEs based on\npdacl-\u003enum_aces with no structural validation of the incoming DACL body.\n\nA malicious server can return a truncated DACL that still contains a\nheader, claims one or more ACEs, and then drive\nreplace_sids_and_copy_aces() or set_chmod_dacl() past the validated\nextent while they compare or copy attacker-controlled ACEs.\n\nFactor the DACL structural checks into validate_dacl(), extend them to\nvalidate each ACE against the DACL bounds, and use the shared validator\nbefore the chmod/chown rebuild paths. parse_dacl() reuses the same\nvalidator so the read-side parser and write-side rewrite paths agree on\nwhat constitutes a well-formed incoming DACL.",
"id": "GHSA-8hp2-qmc6-f97h",
"modified": "2026-06-30T03:36:28Z",
"published": "2026-05-01T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31709"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31709.json"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ff0ca46b13b9ef6edbcd238a3b6caacfef8ba0e5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d92f3f0b22414e7515696a02224d0af55e3004a3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c2abdebf72000a64603ced84d36ccbd164f11391"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b8603d9ae6c9087662b098619996bc4a8064319d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b78db9bddc84136f6a0bb49e8883cf200dfb87a8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8e47d297e7cf9a6029a0d38e7b22faba7d7aaf12"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0a8cf165566ba55a39fd0f4de172119dd646d39a"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464476"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-31709"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:24343"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23329"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23237"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23224"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22940"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22900"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21745"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21706"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21556"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9H7V-6CR6-HCPX
Vulnerability from github – Published: 2024-06-18 12:30 – Updated: 2025-11-03 21:31A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.
{
"affected": [],
"aliases": [
"CVE-2024-5953"
],
"database_specific": {
"cwe_ids": [
"CWE-1288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-18T10:15:11Z",
"severity": "MODERATE"
},
"details": "A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.",
"id": "GHSA-9h7v-6cr6-hcpx",
"modified": "2025-11-03T21:31:07Z",
"published": "2024-06-18T12:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5953"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4633"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4997"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:5192"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:5690"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6153"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6568"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6569"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6576"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:7458"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:1632"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-5953"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292104"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C65P-X677-FGJ6
Vulnerability from github – Published: 2025-05-28 18:03 – Updated: 2025-05-29 21:36Summary
In the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it serializes PIL.Image.Image objects using only obj.tobytes(), which returns only the raw pixel data, without including metadata such as the image’s shape (width, height, mode). As a result, two images of different sizes (e.g., 30x100 and 100x30) with the same pixel byte sequence could generate the same hash value. This may lead to hash collisions, incorrect cache hits, and even data leakage or security risks.
Details
- Affected file:
vllm/multimodal/hasher.py - Affected method:
MultiModalHasher.serialize_itemhttps://github.com/vllm-project/vllm/blob/9420a1fc30af1a632bbc2c66eb8668f3af41f026/vllm/multimodal/hasher.py#L34-L35 - Current behavior: For
Image.Imageinstances, onlyobj.tobytes()is used for hashing. - Problem description:
obj.tobytes()does not include the image’s width, height, or mode metadata. - Impact: Two images with the same pixel byte sequence but different sizes could be regarded as the same image by the cache and hashing system, which may result in:
- Incorrect cache hits, leading to abnormal responses
- Deliberate construction of images with different meanings but the same hash value
Recommendation
In the serialize_item method, serialization of Image.Image objects should include not only pixel data, but also all critical metadata—such as dimensions (size), color mode (mode), format, and especially the info dictionary. The info dictionary is particularly important in palette-based images (e.g., mode 'P'), where the palette itself is stored in info. Ignoring info can result in hash collisions between visually distinct images with the same pixel bytes but different palettes or metadata. This can lead to incorrect cache hits or even data leakage.
Summary:
Serializing only the raw pixel data is insecure. Always include all image metadata (size, mode, format, info) in the hash calculation to prevent collisions, especially in cases like palette-based images.
Impact for other modalities For the influence of other modalities, since the video modality is transformed into a multi-dimensional array containing the length, width, time, etc. of the video, the same problem exists due to the incorrect sequence of numpy as well.
For audio, since the momo function is not enabled in librosa.load, the loaded audio is automatically encoded into single channels by librosa and returns a one-dimensional array of numpy, thus keeping the structure of numpy fixed and not affected by this issue.
Fixes
- https://github.com/vllm-project/vllm/pull/17378
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "vllm"
},
"ranges": [
{
"events": [
{
"introduced": "0.7.0"
},
{
"fixed": "0.9.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-46722"
],
"database_specific": {
"cwe_ids": [
"CWE-1023",
"CWE-1288"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-28T18:03:41Z",
"nvd_published_at": "2025-05-29T17:15:21Z",
"severity": "MODERATE"
},
"details": "## Summary\n\nIn the file `vllm/multimodal/hasher.py`, the `MultiModalHasher` class has a security and data integrity issue in its image hashing method. Currently, it serializes `PIL.Image.Image` objects using only `obj.tobytes()`, which returns only the raw pixel data, without including metadata such as the image\u2019s shape (width, height, mode). As a result, two images of different sizes (e.g., 30x100 and 100x30) with the same pixel byte sequence could generate the same hash value. This may lead to hash collisions, incorrect cache hits, and even data leakage or security risks.\n\n## Details\n\n- **Affected file:** `vllm/multimodal/hasher.py`\n- **Affected method:** `MultiModalHasher.serialize_item`\nhttps://github.com/vllm-project/vllm/blob/9420a1fc30af1a632bbc2c66eb8668f3af41f026/vllm/multimodal/hasher.py#L34-L35\n- **Current behavior:** For `Image.Image` instances, only `obj.tobytes()` is used for hashing.\n- **Problem description:** `obj.tobytes()` does not include the image\u2019s width, height, or mode metadata.\n- **Impact:** Two images with the same pixel byte sequence but different sizes could be regarded as the same image by the cache and hashing system, which may result in:\n - Incorrect cache hits, leading to abnormal responses\n - Deliberate construction of images with different meanings but the same hash value\n\n\n## Recommendation\n\nIn the `serialize_item` method, **serialization of `Image.Image` objects should include not only pixel data, but also all critical metadata**\u2014such as dimensions (`size`), color mode (`mode`), format, and especially the `info` dictionary. The `info` dictionary is particularly important in palette-based images (e.g., mode `\u0027P\u0027`), where the palette itself is stored in `info`. Ignoring `info` can result in hash collisions between visually distinct images with the same pixel bytes but different palettes or metadata. This can lead to incorrect cache hits or even data leakage.\n\n**Summary:** \nSerializing only the raw pixel data is insecure. Always include all image metadata (`size`, `mode`, `format`, `info`) in the hash calculation to prevent collisions, especially in cases like palette-based images.\n\n**Impact for other modalities**\nFor the influence of other modalities, since the video modality is transformed into a multi-dimensional array containing the length, width, time, etc. of the video, the same problem exists due to the incorrect sequence of numpy as well.\n\nFor audio, since the momo function is not enabled in librosa.load, the loaded audio is automatically encoded into single channels by librosa and returns a one-dimensional array of numpy, thus keeping the structure of numpy fixed and not affected by this issue.\n\n## Fixes\n\n* https://github.com/vllm-project/vllm/pull/17378",
"id": "GHSA-c65p-x677-fgj6",
"modified": "2025-05-29T21:36:24Z",
"published": "2025-05-28T18:03:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-c65p-x677-fgj6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46722"
},
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/pull/17378"
},
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/commit/99404f53c72965b41558aceb1bc2380875f5d848"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-43.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/vllm-project/vllm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "vLLM has a Weakness in MultiModalHasher Image Hashing Implementation"
}
GHSA-C74J-26PG-R222
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-30 03:36In the Linux kernel, the following vulnerability has been resolved:
RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()
Sashiko points out that the user can specify WQs sharing the same CQ as a part of the uAPI and this will trigger the WARN_ON() then go on to corrupt the kernel.
Just reject it outright and fail the QP creation.
{
"affected": [],
"aliases": [
"CVE-2026-46117"
],
"database_specific": {
"cwe_ids": [
"CWE-1288",
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:27Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()\n\nSashiko points out that the user can specify WQs sharing the same CQ as a\npart of the uAPI and this will trigger the WARN_ON() then go on to corrupt\nthe kernel.\n\nJust reject it outright and fail the QP creation.",
"id": "GHSA-c74j-26pg-r222",
"modified": "2026-06-30T03:36:53Z",
"published": "2026-05-28T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46117"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27789"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30129"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-46117"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482576"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/159f2efabc89d3f931d38f2d35876535d4abf0a3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9cc0c6b1ba8cd5c55aef043e1384de0a8b4efa71"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ef65af26b2a6738bf15812042e84b3112402d3a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db991ba50087ad99fa12a2c483aa3be19671ea73"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46117.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C96P-56GH-3PVW
Vulnerability from github – Published: 2026-07-05 09:30 – Updated: 2026-07-05 09:30A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the email_verified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but retrieves the email_verified status exclusively from the id_token. The root cause is a lack of validation ensuring that the email_verified claim in the id_token actually refers to the email address returned by the userinfo endpoint. If these two sources return different email addresses, the id_token's email_verified=true claim is blindly applied to the userinfo email. Exploitation Conditions: The OIDC identity provider must have trustEmail set to true (non-default).
The userinfo endpoint must be enabled (default).
The attacker must control or have compromised the upstream OIDC provider.
Concrete Impact: Mark arbitrary email addresses as verified in the Keycloak database.
Bypass email-based security controls or verification workflows.
Potential account takeover if the application relies solely on the email_verified flag from the IdP to link accounts.
{
"affected": [],
"aliases": [
"CVE-2026-14781"
],
"database_specific": {
"cwe_ids": [
"CWE-1288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-05T07:16:39Z",
"severity": "MODERATE"
},
"details": "A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the email_verified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but retrieves the email_verified status exclusively from the id_token.\nThe root cause is a lack of validation ensuring that the email_verified claim in the id_token actually refers to the email address returned by the userinfo endpoint. If these two sources return different email addresses, the id_token\u0027s email_verified=true claim is blindly applied to the userinfo email.\nExploitation Conditions:\nThe OIDC identity provider must have trustEmail set to true (non-default).\n\nThe userinfo endpoint must be enabled (default).\n\nThe attacker must control or have compromised the upstream OIDC provider.\n\n\nConcrete Impact:\nMark arbitrary email addresses as verified in the Keycloak database.\n\nBypass email-based security controls or verification workflows.\n\nPotential account takeover if the application relies solely on the email_verified flag from the IdP to link accounts.",
"id": "GHSA-c96p-56gh-3pvw",
"modified": "2026-07-05T09:30:23Z",
"published": "2026-07-05T09:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14781"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-14781"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497118"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CRH6-FP67-6883
Vulnerability from github – Published: 2022-11-01 17:29 – Updated: 2022-11-04 20:44Impact
xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or throwing.
This breaks the assumption that there is only a single root node in the tree, which led to https://nvd.nist.gov/vuln/detail/CVE-2022-39299 and is a potential issue for dependents.
Patches
Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next).
Workarounds
One of the following approaches might help, depending on your use case:
- Instead of searching for elements in the whole DOM, only search in the documentElement.
- Reject a document with a document that has more then 1 childNode.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-39299
- https://github.com/jindw/xmldom/issues/150
For more information
If you have any questions or comments about this advisory: * Email us at security@xmldom.org
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "xmldom"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.6.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@xmldom/xmldom"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@xmldom/xmldom"
},
"ranges": [
{
"events": [
{
"introduced": "0.8.0"
},
{
"fixed": "0.8.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@xmldom/xmldom"
},
"ranges": [
{
"events": [
{
"introduced": "0.9.0-beta.1"
},
{
"fixed": "0.9.0-beta.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-39353"
],
"database_specific": {
"cwe_ids": [
"CWE-1288",
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-01T17:29:11Z",
"nvd_published_at": "2022-11-02T17:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\nxmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing.\nThis breaks the assumption that there is only a single root node in the tree, which led to https://nvd.nist.gov/vuln/detail/CVE-2022-39299 and is a potential issue for dependents.\n\n### Patches\nUpdate to `@xmldom/xmldom@~0.7.7`, `@xmldom/xmldom@~0.8.4` (dist-tag `latest`) or `@xmldom/xmldom@\u003e=0.9.0-beta.4` (dist-tag `next`).\n\n### Workarounds\nOne of the following approaches might help, depending on your use case:\n- Instead of searching for elements in the whole DOM, only search in the `documentElement`.\n- Reject a document with a document that has more then 1 `childNode`.\n\n### References\n- https://nvd.nist.gov/vuln/detail/CVE-2022-39299\n- https://github.com/jindw/xmldom/issues/150\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at security@xmldom.org\n",
"id": "GHSA-crh6-fp67-6883",
"modified": "2022-11-04T20:44:46Z",
"published": "2022-11-01T17:29:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39353"
},
{
"type": "WEB",
"url": "https://github.com/jindw/xmldom/issues/150"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/commit/52a708360c35aa160fcca8621720d71fd0f95f1a"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/commit/7ff7c10ab2961703ac1752e95b4ff60ee4ee6643"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/commit/c02f786216bed70825f9a351c65e61500f51e931"
},
{
"type": "PACKAGE",
"url": "https://github.com/xmldom/xmldom"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.7.7"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.8.4"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.9.0-beta.4"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00000.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "xmldom allows multiple root nodes in a DOM"
}
GHSA-FG8X-Q69G-4QP3
Vulnerability from github – Published: 2025-10-30 00:31 – Updated: 2025-10-30 17:05Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "drupal/reverse_proxy_header"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-10929"
],
"database_specific": {
"cwe_ids": [
"CWE-1288"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-30T17:05:15Z",
"nvd_published_at": "2025-10-30T00:15:34Z",
"severity": "MODERATE"
},
"details": "Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.",
"id": "GHSA-fg8x-q69g-4qp3",
"modified": "2025-10-30T17:05:15Z",
"published": "2025-10-30T00:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10929"
},
{
"type": "WEB",
"url": "https://www.drupal.org/sa-contrib-2025-111"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables"
}
GHSA-FHVF-82GH-PPGJ
Vulnerability from github – Published: 2024-10-21 15:32 – Updated: 2024-10-21 15:32prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4
{
"affected": [],
"aliases": [
"CVE-2024-8305"
],
"database_specific": {
"cwe_ids": [
"CWE-1288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T15:15:04Z",
"severity": "MODERATE"
},
"details": "prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4",
"id": "GHSA-fhvf-82gh-ppgj",
"modified": "2024-10-21T15:32:27Z",
"published": "2024-10-21T15:32:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8305"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-92382"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G3QW-W3WP-F3M2
Vulnerability from github – Published: 2023-11-14 21:31 – Updated: 2025-08-22 18:31Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.
{
"affected": [],
"aliases": [
"CVE-2023-32701"
],
"database_specific": {
"cwe_ids": [
"CWE-1288",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-14T19:15:27Z",
"severity": "HIGH"
},
"details": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.",
"id": "GHSA-g3qw-w3wp-f3m2",
"modified": "2025-08-22T18:31:10Z",
"published": "2023-11-14T21:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32701"
},
{
"type": "WEB",
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JGCQ-59JX-W43V
Vulnerability from github – Published: 2024-03-28 15:30 – Updated: 2024-03-28 15:30In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
{
"affected": [],
"aliases": [
"CVE-2024-31140"
],
"database_specific": {
"cwe_ids": [
"CWE-1288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-28T15:15:48Z",
"severity": "MODERATE"
},
"details": "In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools",
"id": "GHSA-jgcq-59jx-w43v",
"modified": "2024-03-28T15:30:34Z",
"published": "2024-03-28T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31140"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
No CAPEC attack patterns related to this CWE.