CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1248 vulnerabilities reference this CWE, most recent first.
GHSA-48WM-JCWQ-6M89
Vulnerability from github – Published: 2024-07-11 18:31 – Updated: 2024-07-11 18:31An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which leads msvcsd process to crash with limited availability impacting Denial of Service (DoS) and allows unauthorized network access to the device, potentially impacting system integrity.
This issue only happens when inline jflow is configured.
This does not impact any forwarding traffic. The impacted services MSVCS-DB app crashes momentarily and recovers by itself.
This issue affects Juniper Networks Junos OS Evolved: * 21.4 versions earlier than 21.4R3-S7-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-S2-EVO; * 22.4 versions earlier than 22.4R3-EVO; * 23.2 versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.
{
"affected": [],
"aliases": [
"CVE-2024-39553"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-11T17:15:16Z",
"severity": "MODERATE"
},
"details": "An Exposure of Resource to Wrong Sphere vulnerability in the sampling service\u00a0of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which leads msvcsd process to crash with limited availability impacting Denial of Service (DoS) and allows unauthorized network access to the device, potentially impacting system integrity.\n\nThis issue only happens when inline jflow is configured.\n\nThis does not impact any forwarding traffic. The impacted services MSVCS-DB app crashes momentarily and recovers by itself.\u00a0\n\nThis issue affects Juniper Networks Junos OS Evolved:\u00a0\n * 21.4 versions earlier than 21.4R3-S7-EVO;\u00a0\n * 22.2 versions earlier than\u00a022.2R3-S3-EVO;\n * 22.3 versions earlier than 22.3R3-S2-EVO;\n * 22.4 versions earlier than 22.4R3-EVO;\n * 23.2 versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.",
"id": "GHSA-48wm-jcwq-6m89",
"modified": "2024-07-11T18:31:14Z",
"published": "2024-07-11T18:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39553"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA79101"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4926-QPXG-6R3W
Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-06-22 18:29In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.4.13"
},
"package": {
"ecosystem": "Maven",
"name": "org.springframework.data:spring-data-rest-core"
},
"ranges": [
{
"events": [
{
"introduced": "3.4.0"
},
{
"fixed": "3.4.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.5.5"
},
"package": {
"ecosystem": "Maven",
"name": "org.springframework.data:spring-data-rest-core"
},
"ranges": [
{
"events": [
{
"introduced": "3.5.0"
},
{
"fixed": "3.5.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-22047"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-22T18:29:53Z",
"nvd_published_at": "2021-10-28T16:15:00Z",
"severity": "MODERATE"
},
"details": "In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration.",
"id": "GHSA-4926-qpxg-6r3w",
"modified": "2022-06-22T18:29:53Z",
"published": "2022-05-24T19:19:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22047"
},
{
"type": "WEB",
"url": "https://tanzu.vmware.com/security/cve-2021-22047"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Exposure of Resource to Wrong Sphere in Spring Data REST"
}
GHSA-49MX-FJ45-Q3P6
Vulnerability from github – Published: 2026-02-04 17:48 – Updated: 2026-02-04 19:53Impact
The use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process (for example, data from prior requests, tasks, secrets, or tokens), resulting in potential information disclosure.
Only authenticated users are able to execute code through Task Runners.
This issue affected any deployment in which both of the following conditions were met:
- Task Runners were enabled using N8N_RUNNERS_ENABLED=true (default: false)
- Code Node was enabled (default: true)
Patches
Access to unsafe Buffer functions has been removed from the task runner sandbox. All buffer allocations are now zero-filled by default.
- Fixed in: 1.114.3 & 1.115.0
- Action: It is strongly recommended to upgrade to version ≥ 1.114.3 as soon as possible.
Changes introduced in this patch include:
- Routing all buffer allocations through Buffer.alloc (which zero-fills) operations where applicable
- Adding regression tests to ensure continued enforcement of safe allocation practices
Workarounds
If an immediate upgrade cannot be applied, the following hardening steps are recommended:
- Disable the Code Node by adding
n8n-nodes-base.codeto theNODES_EXCLUDEenvironment variable - Prefer external mode for isolation: run Task Runners in external mode so that untrusted task code executes in a separate sidecar container rather than within the main n8n process. This configuration significantly reduces the risk of in-process memory disclosure caused by unsafe buffer allocations.
In external mode, a launcher manages Task Runner processes in a dedicated sidecar environment, separate from the primary n8n instance.
See the n8n documentation for configuration details and required environment variables.
Resources
- Node.js documentation:
Buffer.alloc()vsBuffer.allocUnsafe()— background on zero-filled vs uninitialized allocations - n8n Documentation — Task Runners — external mode, setup guide, and environment configuration details
- n8n Documentation — Blocking nodes — how to globally disable specific nodes
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "n8n"
},
"ranges": [
{
"events": [
{
"introduced": "1.65.0"
},
{
"fixed": "1.114.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-61917"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-04T17:48:11Z",
"nvd_published_at": "2026-02-04T17:16:08Z",
"severity": "HIGH"
},
"details": "### Impact\n\nThe use of `Buffer.allocUnsafe()` and `Buffer.allocUnsafeSlow()` in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process (for example, data from prior requests, tasks, secrets, or tokens), resulting in potential information disclosure. \n\nOnly authenticated users are able to execute code through Task Runners.\n\nThis issue affected any deployment in which both of the following conditions were met:\n- Task Runners were enabled using `N8N_RUNNERS_ENABLED=true` (default: false)\n- Code Node was enabled (default: true)\n\n\n### Patches\n\nAccess to unsafe Buffer functions has been removed from the task runner sandbox. All buffer allocations are now zero-filled by default.\n\n- **Fixed in:** 1.114.3 \u0026 1.115.0\n- **Action:** It is strongly recommended to upgrade to version \u2265 1.114.3 as soon as possible.\n\nChanges introduced in this patch include:\n- Routing all buffer allocations through `Buffer.alloc` (which zero-fills) operations where applicable \n- Adding regression tests to ensure continued enforcement of safe allocation practices\n\n\n### Workarounds\n\nIf an immediate upgrade cannot be applied, the following hardening steps are recommended:\n\n- Disable the Code Node by adding `n8n-nodes-base.code` to the `NODES_EXCLUDE` environment variable \n- Prefer external mode for isolation: run Task Runners in external mode so that untrusted task code executes in a separate sidecar container rather than within the main n8n process. This configuration significantly reduces the risk of in-process memory disclosure caused by unsafe buffer allocations. \n In external mode, a launcher manages Task Runner processes in a dedicated sidecar environment, separate from the primary n8n instance. \n See the [n8n documentation](https://docs.n8n.io/hosting/configuration/task-runners/) for configuration details and required environment variables.\n\n\n### Resources\n\n- Node.js documentation: [`Buffer.alloc()`](https://nodejs.org/docs/latest-v22.x/api/buffer.html#static-method-bufferallocsize-fill-encoding) vs [`Buffer.allocUnsafe()`](https://nodejs.org/docs/latest-v22.x/api/buffer.html#static-method-bufferallocunsafesize) \u2014 background on zero-filled vs uninitialized allocations \n- [n8n Documentation \u2014 Task Runners](https://docs.n8n.io/hosting/configuration/task-runners/) \u2014 external mode, setup guide, and environment configuration details\n- [n8n Documentation \u2014 Blocking nodes](https://docs.n8n.io/hosting/securing/blocking-nodes/) \u2014 how to globally disable specific nodes",
"id": "GHSA-49mx-fj45-q3p6",
"modified": "2026-02-04T19:53:00Z",
"published": "2026-02-04T17:48:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-49mx-fj45-q3p6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61917"
},
{
"type": "WEB",
"url": "https://github.com/n8n-io/n8n/commit/2c4c2953199733c791f739a40879ae31ca129aba"
},
{
"type": "PACKAGE",
"url": "https://github.com/n8n-io/n8n"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "n8n\u0027s Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner"
}
GHSA-4C23-J7CR-737Q
Vulnerability from github – Published: 2022-04-13 00:00 – Updated: 2022-04-21 00:00In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-212694559
{
"affected": [],
"aliases": [
"CVE-2021-39805"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-12T17:15:00Z",
"severity": "MODERATE"
},
"details": "In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-212694559",
"id": "GHSA-4c23-j7cr-737q",
"modified": "2022-04-21T00:00:59Z",
"published": "2022-04-13T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39805"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2022-04-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4C47-49QQ-PQ45
Vulnerability from github – Published: 2023-08-03 03:30 – Updated: 2024-04-04 06:30ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names.
{
"affected": [],
"aliases": [
"CVE-2023-38955"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-03T02:15:09Z",
"severity": "HIGH"
},
"details": "ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names.",
"id": "GHSA-4c47-49qq-pq45",
"modified": "2024-04-04T06:30:21Z",
"published": "2023-08-03T03:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38955"
},
{
"type": "WEB",
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38955"
},
{
"type": "WEB",
"url": "http://zkteco.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4CGF-47R3-59WR
Vulnerability from github – Published: 2023-02-09 21:30 – Updated: 2023-02-17 18:30Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent.
{
"affected": [],
"aliases": [
"CVE-2023-21447"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-09T19:15:00Z",
"severity": "LOW"
},
"details": "Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud\u0026#39;s privilege via implicit intent.",
"id": "GHSA-4cgf-47r3-59wr",
"modified": "2023-02-17T18:30:25Z",
"published": "2023-02-09T21:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21447"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4CM9-63X5-55WM
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2024-03-21 03:34** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives.
{
"affected": [],
"aliases": [
"CVE-2021-35958"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-30T01:15:00Z",
"severity": "CRITICAL"
},
"details": "** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor\u0027s position is that tf.keras.utils.get_file is not intended for untrusted archives.",
"id": "GHSA-4cm9-63x5-55wm",
"modified": "2024-03-21T03:34:05Z",
"published": "2022-05-24T19:06:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35958"
},
{
"type": "WEB",
"url": "https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/b8cad4c631096a34461ff8a07840d5f4d123ce32/tensorflow/python/keras/README.md"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/b8cad4c631096a34461ff8a07840d5f4d123ce32/tensorflow/python/keras/utils/data_utils.py#L137"
},
{
"type": "WEB",
"url": "https://keras.io/api"
},
{
"type": "WEB",
"url": "https://vuln.ryotak.me/advisories/52"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4CVQ-VVGX-CV87
Vulnerability from github – Published: 2024-03-13 15:31 – Updated: 2025-09-19 15:31A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.
{
"affected": [],
"aliases": [
"CVE-2024-25153"
],
"database_specific": {
"cwe_ids": [
"CWE-472",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-13T15:15:50Z",
"severity": "CRITICAL"
},
"details": "A directory traversal within the \u2018ftpservlet\u2019 of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended \u2018uploadtemp\u2019 directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal\u2019s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.",
"id": "GHSA-4cvq-vvgx-cv87",
"modified": "2025-09-19T15:31:06Z",
"published": "2024-03-13T15:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25153"
},
{
"type": "WEB",
"url": "https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html"
},
{
"type": "WEB",
"url": "https://github.com/nettitude/CVE-2024-25153/blob/master/CVE-2024-25153.py"
},
{
"type": "WEB",
"url": "https://www.fortra.com/security/advisory/fi-2024-002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4CX9-4V6R-CVXP
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories.
{
"affected": [],
"aliases": [
"CVE-2020-27361"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-01T16:15:00Z",
"severity": "HIGH"
},
"details": "An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories.",
"id": "GHSA-4cx9-4v6r-cvxp",
"modified": "2022-05-24T19:06:42Z",
"published": "2022-05-24T19:06:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27361"
},
{
"type": "WEB",
"url": "https://www.blacklanternsecurity.com/2021-07-01-Akkadian-CVE"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4F3Q-6CQ7-8W4P
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-10-24 19:00A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9.
{
"affected": [],
"aliases": [
"CVE-2021-25314"
],
"database_specific": {
"cwe_ids": [
"CWE-378",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-14T15:15:00Z",
"severity": "HIGH"
},
"details": "A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9.",
"id": "GHSA-4f3q-6cq7-8w4p",
"modified": "2022-10-24T19:00:17Z",
"published": "2022-05-24T17:47:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25314"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1182166"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.