Common Weakness Enumeration

CWE-346

Allowed-with-Review

Origin Validation Error

Abstraction: Class · Status: Draft

The product does not properly verify that the source of data or communication is valid.

789 vulnerabilities reference this CWE, most recent first.

GHSA-CV87-PX3C-7H2J

Vulnerability from github – Published: 2026-05-02 15:30 – Updated: 2026-05-02 15:30
VLAI
Details

A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-7643"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-346"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-02T15:16:14Z",
    "severity": "LOW"
  },
  "details": "A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
  "id": "GHSA-cv87-px3c-7h2j",
  "modified": "2026-05-02T15:30:27Z",
  "published": "2026-05-02T15:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7643"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ChatGPTNextWeb/NextChat/issues/6756"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ChatGPTNextWeb/NextChat"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/806833"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/360755"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/360755/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CW2F-GGF4-P3JF

Vulnerability from github – Published: 2024-06-11 00:30 – Updated: 2024-06-11 00:30
VLAI
Details

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

This vulnerability is similar to, but not identical to, CVE-2024-36303.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36302"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-346"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-10T22:15:10Z",
    "severity": "HIGH"
  },
  "details": "An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThis vulnerability is similar to, but not identical to, CVE-2024-36303.",
  "id": "GHSA-cw2f-ggf4-p3jf",
  "modified": "2024-06-11T00:30:39Z",
  "published": "2024-06-11T00:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36302"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/dcx/s/solution/000298063"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-569"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CWC7-H32G-JV39

Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 18:31
VLAI
Details

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-13838"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-346"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-30T23:16:58Z",
    "severity": "MODERATE"
  },
  "details": "Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-cwc7-h32g-jv39",
  "modified": "2026-07-01T18:31:29Z",
  "published": "2026-07-01T00:34:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13838"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/514445398"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CWH3-JW96-RMR6

Vulnerability from github – Published: 2025-04-17 15:32 – Updated: 2025-04-17 15:32
VLAI
Details

Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions below 10.8.2.33 allows attackers to execute arbitrary commands via unauthorized access to the Agent service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-3651"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-346"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-17T15:15:58Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions below 10.8.2.33 allows attackers to execute arbitrary commands via unauthorized access to the Agent service.",
  "id": "GHSA-cwh3-jw96-rmr6",
  "modified": "2025-04-17T15:32:37Z",
  "published": "2025-04-17T15:32:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3651"
    },
    {
      "type": "WEB",
      "url": "https://docs.imanage.com/security/CVE-2025-3651.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CWXW-98QJ-8QJX

Vulnerability from github – Published: 2026-06-19 14:37 – Updated: 2026-06-19 14:37
VLAI
Summary
guzzlehttp/guzzle: Dot-Only Cookie Domains Match All Hosts
Details

Impact

CookieJar incorrectly accepts cookies with a dot-only Domain attribute, such as Domain=., Domain=.., Domain=..., and whitespace-padded variants such as Domain= .. In affected versions, SetCookie::matchesDomain() removes leading dots from the cookie domain, normalizing dot-only values to the empty string; SetCookie::validate() only rejected a strictly empty domain, so these cookies could be stored and the empty normalized domain was treated as matching any request host.

An attacker-controlled origin that an application requests with a shared cookie jar can therefore set a cookie that Guzzle later sends to unrelated hosts using the same jar. This may allow cookie injection or session fixation against downstream services, depending on how those services interpret the injected cookie. Applications are affected when they use Guzzle's cookie support, for example new Client(['cookies' => true]) or an explicit shared CookieJar, and reuse the same jar across attacker-controlled and trusted origins.

Applications that do not use Guzzle's cookie support, or that use separate cookie jars per origin or trust boundary, are not affected. This issue is distinct from public suffix list validation: dot-only domains contain no domain label and should not match unrelated hosts.

Patches

The issue is patched in 7.12.1 and later. Starting in that release, Guzzle rejects dot-only cookie Domain attributes and prevents an empty normalized cookie domain from matching any request host.

Workarounds

If you cannot upgrade immediately, do not reuse the same CookieJar instance across untrusted and trusted origins. Use separate cookie jars per origin or trust boundary, or disable cookie handling for requests to untrusted hosts.

Avoid using new Client(['cookies' => true]) for clients that may contact unrelated hosts with different trust levels, because that option creates one shared jar for the client.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "guzzlehttp/guzzle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.12.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-55767"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1286",
      "CWE-346"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-19T14:37:29Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\n\n`CookieJar` incorrectly accepts cookies with a dot-only `Domain` attribute, such as `Domain=.`, `Domain=..`, `Domain=...`, and whitespace-padded variants such as `Domain= . `. In affected versions, `SetCookie::matchesDomain()` removes leading dots from the cookie domain, normalizing dot-only values to the empty string; `SetCookie::validate()` only rejected a strictly empty domain, so these cookies could be stored and the empty normalized domain was treated as matching any request host.\n\nAn attacker-controlled origin that an application requests with a shared cookie jar can therefore set a cookie that Guzzle later sends to unrelated hosts using the same jar. This may allow cookie injection or session fixation against downstream services, depending on how those services interpret the injected cookie. Applications are affected when they use Guzzle\u0027s cookie support, for example `new Client([\u0027cookies\u0027 =\u003e true])` or an explicit shared `CookieJar`, and reuse the same jar across attacker-controlled and trusted origins.\n\nApplications that do not use Guzzle\u0027s cookie support, or that use separate cookie jars per origin or trust boundary, are not affected. This issue is distinct from public suffix list validation: dot-only domains contain no domain label and should not match unrelated hosts.\n\n### Patches\n\nThe issue is patched in `7.12.1` and later. Starting in that release, Guzzle rejects dot-only cookie `Domain` attributes and prevents an empty normalized cookie domain from matching any request host.\n\n### Workarounds\n\nIf you cannot upgrade immediately, do not reuse the same `CookieJar` instance across untrusted and trusted origins. Use separate cookie jars per origin or trust boundary, or disable cookie handling for requests to untrusted hosts.\n\nAvoid using `new Client([\u0027cookies\u0027 =\u003e true])` for clients that may contact unrelated hosts with different trust levels, because that option creates one shared jar for the client.",
  "id": "GHSA-cwxw-98qj-8qjx",
  "modified": "2026-06-19T14:37:29Z",
  "published": "2026-06-19T14:37:29Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-cwxw-98qj-8qjx"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/guzzle/guzzle"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "guzzlehttp/guzzle: Dot-Only Cookie Domains Match All Hosts"
}

GHSA-CXJ8-GGF2-P57C

Vulnerability from github – Published: 2026-04-03 21:43 – Updated: 2026-04-03 21:43
VLAI
Summary
Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow
Details

Summary

SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirect_uri. Because the redirectUri configuration is silently unset by default, an attacker spoof the Host header to steal OAuth authorization codes and hijack user sessions in realistic deployments as The OIDC provider will then send the authorization code to whatever domain was injected.

The OIDC specification requires redirect_uri to be pre-registered and not derived from untrusted input. Constructing it from the Host header violates this requirement and introduces a trust boundary break. This risk is actively amplified by SignalK's official documentation, which instructs administrators to deploy an Nginx configuration that forwards the vulnerable Host header, exposing production environments.

Vulnerability Root Cause

Two factors combine to create this vulnerability:

Factor 1: redirectUri is optional with an unsafe fallback In types.ts:30, redirectUri is declared as optional

export interface OIDCConfig {
  // ...
  redirectUri?: string   // ← Optional, no default value
  // ...
}

The defaults in types.ts:175-185 do not include a redirectUri: never checks or warns about a missing redirectUri. This means a fully "valid" OIDC configuration can exist without redirectUri, silently activating the vulnerable fallback path.

export const OIDC_DEFAULTS: Omit<OIDCConfig, 'issuer' | 'clientId' | 'clientSecret'> = {
  enabled: false,
  scope: 'openid email profile',
  defaultPermission: 'readonly',
  autoCreateUsers: true,
  providerName: 'SSO Login',
  autoLogin: false
  // ← No redirectUri default
}

Factor 2: Unsafe Host header usage in two locations Location 1 — Login handler in oidc-auth.ts:278-282:

const protocol = req.secure ? 'https' : 'http'
const host = req.get('host')                          // ← Attacker-controlled
const redirectUri =
  oidcConfig.redirectUri ||                            // ← Only safe if explicitly set
  `${protocol}://${host}${skAuthPrefix}/oidc/callback` // ← Uses attacker's Host

This redirectUri flows into createAuthState() → buildAuthorizationUrl() → OIDC provider's redirect_uri parameter. The OIDC provider will then send the authorization code to whatever domain was injected.

Location 2 — Logout handler in oidc-auth.ts:513-515:

const protocol = req.secure ? 'https' : 'http'
const host = req.get('host')                            // ← Same pattern
const fullPostLogoutUri = `${protocol}://${host}${postLogoutRedirect}`

This constructs the post_logout_redirect_uri sent to the OIDC provider's end_session_endpoint, allowing an attacker to redirect the user to an attacker controlled domain after logout.

Official Documentation Enables the Attack

SignalK's own security documentation at docs/security.md:222-228 provides the recommended nginx reverse proxy configuration: The proxy_set_header Host $host; directive forwards the client-supplied Host header to the backend unmodified. Without this directive, nginx would replace the Host header with the upstream address (localhost:3000), which would neutralize the injection.

location / {
    proxy_pass http://localhost:3000;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;   # ← Forwards client's Host header to SignalK
}

Administrators who follow the official documentation are directly enabling this vulnerability behind their reverse proxy.

Proof of Concept

Tested against SignalK Server v2.23.0 in Docker with OIDC enabled .

Step 1 — Send login request with injected Host header: $response = Invoke-WebRequest -Uri "http://localhost:3000/signalk/v1/auth/oidc/login" -Headers @{"Host"="evil.com"} -MaximumRedirection 0 -ErrorAction SilentlyContinue -UseBasicParsing

Step 2: Decode and print the injected redirect URL [uri]::UnescapeDataString($response.Headers.Location) Screenshot 2026-03-25 171251

Impact

  • Authorization Code Theft: The OIDC provider sends the OAuth authorization code to the attacker's domain instead of the legitimate server.
  • Session Hijack: The attacker can exchange the stolen code for tokens and create a session as the victim user.
  • Logout Redirect Hijack: The logout handler has the same pattern, allowing post-logout redirection to an attacker domain (phishing opportunity).
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "signalk-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.20.0"
            },
            {
              "fixed": "2.24.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34083"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-346",
      "CWE-601"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-03T21:43:22Z",
    "nvd_published_at": "2026-04-02T17:16:23Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nSignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirect_uri. Because the redirectUri configuration is silently unset by default, an **attacker spoof the Host header** to steal OAuth authorization codes and hijack user sessions in realistic deployments as The OIDC provider will then send the authorization code to whatever domain was injected.\n\n_The OIDC specification requires redirect_uri to be pre-registered and not derived from untrusted input. Constructing it from the Host header violates this requirement and introduces a trust boundary break._\nThis risk is actively amplified by SignalK\u0027s official documentation, which instructs administrators to deploy an Nginx configuration that forwards the vulnerable Host header, exposing production environments.\n\n## Vulnerability Root Cause\n\nTwo factors combine to create this vulnerability:\n\n**Factor 1: redirectUri is optional with an unsafe fallback**\nIn types.ts:30, redirectUri is declared as optional\n```\nexport interface OIDCConfig {\n  // ...\n  redirectUri?: string   // \u2190 Optional, no default value\n  // ...\n}\n```\n\nThe defaults in types.ts:175-185 do not include a redirectUri: never checks or warns about a missing redirectUri. This means a fully \"valid\" OIDC configuration can exist without redirectUri, silently activating the vulnerable fallback path.\n```\nexport const OIDC_DEFAULTS: Omit\u003cOIDCConfig, \u0027issuer\u0027 | \u0027clientId\u0027 | \u0027clientSecret\u0027\u003e = {\n  enabled: false,\n  scope: \u0027openid email profile\u0027,\n  defaultPermission: \u0027readonly\u0027,\n  autoCreateUsers: true,\n  providerName: \u0027SSO Login\u0027,\n  autoLogin: false\n  // \u2190 No redirectUri default\n}\n```\n\n**Factor 2: Unsafe Host header usage in two locations**\nLocation 1 \u2014 Login handler in oidc-auth.ts:278-282:\n```\nconst protocol = req.secure ? \u0027https\u0027 : \u0027http\u0027\nconst host = req.get(\u0027host\u0027)                          // \u2190 Attacker-controlled\nconst redirectUri =\n  oidcConfig.redirectUri ||                            // \u2190 Only safe if explicitly set\n  `${protocol}://${host}${skAuthPrefix}/oidc/callback` // \u2190 Uses attacker\u0027s Host\n\n```\nThis redirectUri flows into createAuthState() \u2192 buildAuthorizationUrl() \u2192 OIDC provider\u0027s redirect_uri parameter. The OIDC provider will then send the authorization code to whatever domain was injected.\n\nLocation 2 \u2014 Logout handler in oidc-auth.ts:513-515:\n```\nconst protocol = req.secure ? \u0027https\u0027 : \u0027http\u0027\nconst host = req.get(\u0027host\u0027)                            // \u2190 Same pattern\nconst fullPostLogoutUri = `${protocol}://${host}${postLogoutRedirect}`\n```\nThis constructs the post_logout_redirect_uri sent to the OIDC provider\u0027s end_session_endpoint, allowing an attacker to redirect the user to an attacker controlled domain after logout.\n\n### Official Documentation Enables the Attack\n\nSignalK\u0027s own security documentation at docs/security.md:222-228 provides the recommended nginx reverse proxy configuration:\nThe proxy_set_header Host $host; directive forwards the client-supplied Host header to the backend unmodified. Without this directive, nginx would replace the Host header with the upstream address (localhost:3000), which would neutralize the injection.\n```\nlocation / {\n    proxy_pass http://localhost:3000;\n    proxy_set_header X-Forwarded-For $remote_addr;\n    proxy_set_header X-Forwarded-Proto $scheme;\n    proxy_set_header Host $host;   # \u2190 Forwards client\u0027s Host header to SignalK\n}\n```\nAdministrators who follow the official documentation are directly enabling this vulnerability behind their reverse proxy.\n\n## Proof of Concept \nTested against SignalK Server v2.23.0 in Docker with OIDC enabled .\n\n**Step 1 \u2014 Send login request with injected Host header:**\n`$response = Invoke-WebRequest -Uri \"http://localhost:3000/signalk/v1/auth/oidc/login\" -Headers @{\"Host\"=\"evil.com\"} -MaximumRedirection 0 -ErrorAction SilentlyContinue -UseBasicParsing`\n\n**Step 2: Decode and print the injected redirect URL**\n`[uri]::UnescapeDataString($response.Headers.Location)\n`\n\u003cimg width=\"1259\" height=\"211\" alt=\"Screenshot 2026-03-25 171251\" src=\"https://github.com/user-attachments/assets/6e4a9655-639e-48c2-a7f0-06e17ad471ff\" /\u003e\n\n## Impact\n\n* **Authorization Code Theft:** The OIDC provider sends the OAuth authorization code to the attacker\u0027s domain instead of the legitimate server.\n* **Session Hijack:** The attacker can exchange the stolen code for tokens and create a session as the victim user.\n* **Logout Redirect Hijack:** The logout handler has the same pattern, allowing post-logout redirection to an attacker domain (phishing opportunity).",
  "id": "GHSA-cxj8-ggf2-p57c",
  "modified": "2026-04-03T21:43:22Z",
  "published": "2026-04-03T21:43:22Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/SignalK/signalk-server/security/advisories/GHSA-cxj8-ggf2-p57c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34083"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/SignalK/signalk-server"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SignalK/signalk-server/releases/tag/v2.24.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow"
}

GHSA-F2VR-9QRM-HV28

Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 15:35
VLAI
Details

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-14053"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-346"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-30T23:17:17Z",
    "severity": "MODERATE"
  },
  "details": "Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)",
  "id": "GHSA-f2vr-9qrm-hv28",
  "modified": "2026-07-01T15:35:08Z",
  "published": "2026-07-01T00:34:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14053"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/501836539"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F49C-C736-9G2J

Vulnerability from github – Published: 2023-08-04 15:30 – Updated: 2025-05-30 18:30
VLAI
Details

An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-29505"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-346"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-04T15:15:09Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.",
  "id": "GHSA-f49c-c736-9g2j",
  "modified": "2025-05-30T18:30:49Z",
  "published": "2023-08-04T15:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29505"
    },
    {
      "type": "WEB",
      "url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2023-29505"
    },
    {
      "type": "WEB",
      "url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-29505"
    },
    {
      "type": "WEB",
      "url": "https://www.manageengine.com/itom/advisory/cve-2023-29505.html"
    },
    {
      "type": "WEB",
      "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#build_127131"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F4XH-W4CJ-QXQ8

Vulnerability from github – Published: 2026-06-19 22:10 – Updated: 2026-06-19 22:10
VLAI
Summary
LangSmith SDK TracingMiddleware: Arbitrary server-side file read
Details

Summary

An attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to LangSmith as a trace attachment. Depending on how the distributed trace system is deployed, triggering a read may not require authentication. Retrieving the contents requires read access to the LangSmith workspace the traces are sent to. The net effect is a trust-boundary crossing: a party with workspace trace-read access (for example a low-privilege workspace member, a contractor, or a compromised teammate account) gains the ability to read files from any server running TracingMiddleware, a capability outside that workspace's intended trust boundary.

Impact

Confidentiality (High): arbitrary read of files accessible to the server process, exposed to anyone with workspace trace-read access.

Details

Two defects combine. A field supplied through a tracing-propagation header was merged into the run without validation, allowing injection of run attributes including attachments (CWE-346). A type check intended to gate filesystem access did not match the type of the decoded input, so the guard never engaged (CWE-843). As a result, an attacker-named file is opened by the server and uploaded as a trace attachment by the background tracing thread (CWE-22).

Who can exploit this

  • Anyone reachable by HTTP can trigger the file read. Depending on how the distributed trace system is deployed, triggering may not require authentication.
  • Retrieving the file contents requires read access to the destination LangSmith workspace. The upload uses the server's own configured API key and workspace, which the attacker cannot redirect, so a zero-access outsider cannot retrieve the result; a workspace member, or anyone who has compromised one, can.

Remediation

Upgrade the Python SDK to >= 0.8.18.

Workarounds

Until upgrading, do not expose TracingMiddleware to untrusted HTTP traffic, and limit workspace trace-read access to trusted members.

Credits

First reported by @Ryu7zz.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "langsmith"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.18"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-346",
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-19T22:10:34Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "# Summary\n\nAn attacker who can send an HTTP request to a server running the LangSmith SDK\u0027s `TracingMiddleware` can cause that server to read an arbitrary file from its local filesystem and upload the contents to LangSmith as a trace attachment. Depending on how the distributed trace system is deployed, triggering a read may not require authentication. Retrieving the contents requires read access to the LangSmith workspace the traces are sent to. The net effect is a trust-boundary crossing: a party with workspace trace-read access (for example a low-privilege workspace member, a contractor, or a compromised teammate account) gains the ability to read files from any server running `TracingMiddleware`, a capability outside that workspace\u0027s intended trust boundary.\n\n# Impact\n\nConfidentiality (High): arbitrary read of files accessible to the server process, exposed to anyone with workspace trace-read access.\n\n# Details\n\nTwo defects combine. A field supplied through a tracing-propagation header was merged into the run without validation, allowing injection of run attributes including attachments (CWE-346). A type check intended to gate filesystem access did not match the type of the decoded input, so the guard never engaged (CWE-843). As a result, an attacker-named file is opened by the server and uploaded as a trace attachment by the background tracing thread (CWE-22).\n\n## Who can exploit this\n\n- Anyone reachable by HTTP can trigger the file read. Depending on how the distributed trace system is deployed, triggering may not require authentication.\n- Retrieving the file contents requires read access to the destination LangSmith workspace. The upload uses the server\u0027s own configured API key and workspace, which the attacker cannot redirect, so a zero-access outsider cannot retrieve the result; a workspace member, or anyone who has compromised one, can.\n\n# Remediation\n\nUpgrade the Python SDK to `\u003e= 0.8.18`.\n\n# Workarounds\n\nUntil upgrading, do not expose `TracingMiddleware` to untrusted HTTP traffic, and limit workspace trace-read access to trusted members.\n\n# Credits\n\nFirst reported by @Ryu7zz.",
  "id": "GHSA-f4xh-w4cj-qxq8",
  "modified": "2026-06-19T22:10:34Z",
  "published": "2026-06-19T22:10:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-f4xh-w4cj-qxq8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/langchain-ai/langsmith-sdk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "LangSmith SDK TracingMiddleware: Arbitrary server-side file read"
}

GHSA-F53G-FRR2-JHPF

Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:33
VLAI
Details

An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This can lead to the extraction of data from workspaces, to a full takeover of the workspace.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0957"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1385",
      "CWE-346"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-03T08:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim\u2019s credentials, because the Origin header is not restricted. This can lead to the extraction of data from workspaces, to a full takeover of the workspace.",
  "id": "GHSA-f53g-frr2-jhpf",
  "modified": "2024-04-04T05:33:50Z",
  "published": "2023-07-06T19:24:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0957"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gitpod-io/gitpod/pull/16378"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gitpod-io/gitpod/pull/16405"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gitpod-io/gitpod/commit/12956988eec0031f42ffdfa3bdc3359f65628f9f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gitpod-io/gitpod/commit/673ab6856fa04c13b7b1f2a968e4d090f1d94e4f"
    },
    {
      "type": "WEB",
      "url": "https://app.safebase.io/portal/71ccd717-aa2d-4a1e-942e-c768d37e9e0c/preview?product=default\u0026orgId=71ccd717-aa2d-4a1e-942e-c768d37e9e0c\u0026tcuUid=1d505bda-9a38-4ca5-8724-052e6337f34d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gitpod-io/gitpod/releases/tag/release-2022.11.2"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/blog/gitpod-remote-code-execution-vulnerability-websockets"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)

An attacker targets a system that uses JavaScript Object Notation (JSON) as a transport mechanism between the client and the server (common in Web 2.0 systems using AJAX) to steal possibly confidential information transmitted from the server back to the client inside the JSON object by taking advantage of the loophole in the browser's Same Origin Policy that does not prohibit JavaScript from one website to be included and executed in the context of another website.

CAPEC-141: Cache Poisoning

An attacker exploits the functionality of cache technologies to cause specific data to be cached that aids the attackers' objectives. This describes any attack whereby an attacker places incorrect or harmful material in cache. The targeted cache can be an application's cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache). Until the cache is refreshed, most applications or clients will treat the corrupted cache value as valid. This can lead to a wide range of exploits including redirecting web browsers towards sites that install malware and repeatedly incorrect calculations based on the incorrect value.

CAPEC-142: DNS Cache Poisoning

A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An adversary modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the adversary specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Adversaries can use this to herd clients to sites that install malware on the victim's computer or to masquerade as part of a Pharming attack.

CAPEC-160: Exploit Script-Based APIs

Some APIs support scripting instructions as arguments. Methods that take scripted instructions (or references to scripted instructions) can be very flexible and powerful. However, if an attacker can specify the script that serves as input to these methods they can gain access to a great deal of functionality. For example, HTML pages support <script> tags that allow scripting languages to be embedded in the page and then interpreted by the receiving web browser. If the content provider is malicious, these scripts can compromise the client application. Some applications may even execute the scripts under their own identity (rather than the identity of the user providing the script) which can allow attackers to perform activities that would otherwise be denied to them.

CAPEC-21: Exploitation of Trusted Identifiers

An adversary guesses, obtains, or "rides" a trusted identifier (e.g. session ID, resource ID, cookie, etc.) to perform authorized actions under the guise of an authenticated user or service.

CAPEC-384: Application API Message Manipulation via Man-in-the-Middle

An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack can allow the attacker to gain unauthorized privileges within the application, or conduct attacks such as phishing, deceptive strategies to spread malware, or traditional web-application attacks. The techniques require use of specialized software that allow the attacker to perform adversary-in-the-middle (CAPEC-94) communications between the web browser and the remote system. Despite the use of AiTH software, the attack is actually directed at the server, as the client is one node in a series of content brokers that pass information along to the application framework. Additionally, it is not true "Adversary-in-the-Middle" attack at the network layer, but an application-layer attack the root cause of which is the master applications trust in the integrity of code supplied by the client.

CAPEC-385: Transaction or Event Tampering via Application API Manipulation

An attacker hosts or joins an event or transaction within an application framework in order to change the content of messages or items that are being exchanged. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, substitute one item or another, spoof an existing item and conduct a false exchange, or otherwise change the amounts or identity of what is being exchanged. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system in order to change the content of various application elements. Often, items exchanged in game can be monetized via sales for coin, virtual dollars, etc. The purpose of the attack is for the attack to scam the victim by trapping the data packets involved the exchange and altering the integrity of the transfer process.

CAPEC-386: Application API Navigation Remapping

An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of links/buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains links/buttons that point to an attacker controlled destination. Some applications make navigation remapping more difficult to detect because the actual HREF values of images, profile elements, and links/buttons are masked. One example would be to place an image in a user's photo gallery that when clicked upon redirected the user to an off-site location. Also, traditional web vulnerabilities (such as CSRF) can be constructed with remapped buttons or links. In some cases navigation remapping can be used for Phishing attacks or even means to artificially boost the page view, user site reputation, or click-fraud.

CAPEC-387: Navigation Remapping To Propagate Malicious Content

An adversary manipulates either egress or ingress data from a client within an application framework in order to change the content of messages and thereby circumvent the expected application logic.

CAPEC-388: Application API Button Hijacking

An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains buttons that point to an attacker controlled destination.

CAPEC-510: SaaS User Request Forgery

An adversary, through a previously installed malicious application, performs malicious actions against a third-party Software as a Service (SaaS) application (also known as a cloud based application) by leveraging the persistent and implicit trust placed on a trusted user's session. This attack is executed after a trusted user is authenticated into a cloud service, "piggy-backing" on the authenticated session, and exploiting the fact that the cloud service believes it is only interacting with the trusted user. If successful, the actions embedded in the malicious application will be processed and accepted by the targeted SaaS application and executed at the trusted user's privilege level.

CAPEC-59: Session Credential Falsification through Prediction

This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

CAPEC-60: Reusing Session IDs (aka Session Replay)

This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.

CAPEC-75: Manipulating Writeable Configuration Files

Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

CAPEC-89: Pharming

A pharming attack occurs when the victim is fooled into entering sensitive data into supposedly trusted locations, such as an online bank site or a trading platform. An attacker can impersonate these supposedly trusted sites and have the victim be directed to their site rather than the originally intended one. Pharming does not require script injection or clicking on malicious links for the attack to succeed.