Common Weakness Enumeration

CWE-749

Allowed

Exposed Dangerous Method or Function

Abstraction: Base · Status: Incomplete

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

304 vulnerabilities reference this CWE, most recent first.

GHSA-F3QH-P6VF-FRVJ

Vulnerability from github – Published: 2022-05-17 03:46 – Updated: 2025-11-05 00:31
VLAI
Details

Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-5415"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-05T10:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.",
  "id": "GHSA-f3qh-p6vf-frvj",
  "modified": "2025-11-05T00:31:12Z",
  "published": "2022-05-17T03:46:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5415"
    },
    {
      "type": "WEB",
      "url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf"
    },
    {
      "type": "WEB",
      "url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf"
    },
    {
      "type": "WEB",
      "url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2016/icsa-16-278-02.json"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-16-278-02"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93349"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F4MH-7QWC-2533

Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2024-01-23 15:30
VLAI
Details

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-20923"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-23T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine\u0027s internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7.",
  "id": "GHSA-f4mh-7qwc-2533",
  "modified": "2024-01-23T15:30:55Z",
  "published": "2022-05-24T17:34:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20923"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-39481"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FH72-RHCQ-WPF6

Vulnerability from github – Published: 2025-06-26 21:31 – Updated: 2025-06-26 21:31
VLAI
Details

Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is required to exploit this vulnerability.

The specific flaw exists within the implementation of the Autel Technician API. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-26351.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5823"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-25T18:15:23Z",
    "severity": "MODERATE"
  },
  "details": "Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the Autel Technician API. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-26351.",
  "id": "GHSA-fh72-rhcq-wpf6",
  "modified": "2025-06-26T21:31:13Z",
  "published": "2025-06-26T21:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5823"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-341"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FHM6-67QQ-3Q35

Vulnerability from github – Published: 2022-05-17 04:52 – Updated: 2025-08-23 00:31
VLAI
Details

An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-0758"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-02-24T04:48:00Z",
    "severity": "HIGH"
  },
  "details": "An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.",
  "id": "GHSA-fhm6-67qq-3q35",
  "modified": "2025-08-23T00:31:12Z",
  "published": "2022-05-17T04:52:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0758"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-051-01"
    },
    {
      "type": "WEB",
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FJ6X-XHQ4-HQ99

Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30
VLAI
Details

Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.

The specific flaw exists within the Ignition Gateway server. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20541.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38124"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T03:15:10Z",
    "severity": "HIGH"
  },
  "details": "Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the Ignition Gateway server. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20541.",
  "id": "GHSA-fj6x-xhq4-hq99",
  "modified": "2024-05-03T03:30:56Z",
  "published": "2024-05-03T03:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38124"
    },
    {
      "type": "WEB",
      "url": "https://inductiveautomation.com/blog/inductive-automation-participates-in-pwn2own-to-strengthen-ignition-security"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1015"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FWJP-3G6W-X33Q

Vulnerability from github – Published: 2025-12-24 00:30 – Updated: 2025-12-24 00:30
VLAI
Details

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27678.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14496"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-23T22:15:50Z",
    "severity": "HIGH"
  },
  "details": "RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27678.",
  "id": "GHSA-fwjp-3g6w-x33q",
  "modified": "2025-12-24T00:30:16Z",
  "published": "2025-12-24T00:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14496"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1171"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G8MR-85JM-7XHM

Vulnerability from github – Published: 2026-06-15 20:05 – Updated: 2026-06-15 20:05
VLAI
Summary
Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE
Details

Summary

Vitest Browser Mode exposes a cdp() API that forwards raw Chrome DevTools Protocol (CDP) methods over the Vitest browser WebSocket RPC. CDP is not gated by browser.api.allowWrite, browser.api.allowExec, api.allowWrite, or api.allowExec.

As a result, disabling Browser Mode write and exec operations does not prevent a browser API client from using CDP to perform equivalent actions. In a verified reproduction with allowWrite: false and allowExec: false, CDP Page.setDownloadBehavior set the browser download directory to the project root, and CDP Runtime.evaluate downloaded a controlled vite.config.ts. Vitest reloaded the changed config and executed attacker-controlled Node.js code.

When the Browser Mode API is also exposed to the network, this becomes remotely exploitable because the generated browser runner page exposes the API token, active session id, project name, and project root path needed to connect to the browser WebSocket API and select the target download directory.

Impact

This affects Browser Mode projects using a CDP-capable provider, such as Playwright Chromium, when the browser API server is exposed to the network, for example with --browser.api.host=0.0.0.0.

In this mode Vitest warns that write and exec operations are disabled by default, but the generated browser runner page exposes enough metadata for a remote client to authenticate to the browser WebSocket API while an active session exists. This includes the browser API token, active session id, project name, and serialized test config including the project root path. The attacker can then call Vitest's CDP RPC and use Chrome's download controls to overwrite vite.config.ts in the project root. When Vitest reloads the changed config, attacker-controlled Node.js code executes on the host running Vitest.

The same exposed CDP bridge also allows direct browser-session JavaScript execution through Runtime.evaluate. A separate local probe showed that CDP can navigate the browser to a file:// URL and read rendered file contents, but the primary verified impact is config-file overwrite leading to RCE.

Reproduction

For a concrete reproduction, start Browser Mode in watch mode using the official Lit example:

pnpm dlx tiged vitest-dev/vitest/examples/lit vitest-poc
cd vitest-poc
pnpm install

Configure the Browser Mode API to listen on all interfaces while explicitly disabling write and exec operations:

import { playwright } from '@vitest/browser-playwright'
import { defineConfig } from 'vite'

export default defineConfig({
  test: {
    browser: {
      enabled: true,
      provider: playwright(),
      instances: [
        { browser: 'chromium' },
      ],
      api: {
        host: '0.0.0.0',
        allowWrite: false,
        allowExec: false,
      },
    },
  },
})

Then start the test server:

pnpm test

Vitest serves the browser runner HTML and WebSocket API at http://localhost:63315.

While the browser session is active:

  1. Fetch the generated browser runner page:

text http://localhost:63315/__vitest_test__/

  1. Extract the embedded browser API token, active session id, project name, and project root:

  2. window.VITEST_API_TOKEN

  3. __vitest_browser_runner__.sessionId
  4. __vitest_browser_runner__.config.name
  5. __vitest_browser_runner__.config.root

  6. Connect to the browser API WebSocket as a tester client:

text /__vitest_browser_api__?type=tester&rpcId=<fresh-id>&sessionId=<session-id>&projectName=<project-name>&method=none&token=<token>

  1. Call the sendCdpEvent RPC method with:

text Page.setDownloadBehavior({ behavior: "allow", downloadPath: __vitest_browser_runner__.config.root })

  1. Call sendCdpEvent again with Runtime.evaluate. The evaluated JavaScript creates a Blob containing a malicious Vite config and clicks an anchor element <a download="vite.config.ts">.

  2. Observed result:

  3. vite.config.ts is overwritten with attacker-controlled content.

  4. Vitest reloads the changed config.
  5. The injected Node.js payload runs on the host.
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.0.0-beta.3"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@vitest/browser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0-beta.0"
            },
            {
              "fixed": "5.0.0-beta.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.1.7"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@vitest/browser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.1.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.2.4"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@vitest/browser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.2.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.1.23"
      },
      "package": {
        "ecosystem": "npm",
        "name": "vite-plus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.1.24"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-53633"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749",
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-15T20:05:15Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "## Summary\n\nVitest Browser Mode exposes a `cdp()` API that forwards raw Chrome DevTools Protocol (CDP) methods over the Vitest browser WebSocket RPC. CDP is not gated by `browser.api.allowWrite`, `browser.api.allowExec`, `api.allowWrite`, or `api.allowExec`.\n\nAs a result, disabling Browser Mode write and exec operations does not prevent a browser API client from using CDP to perform equivalent actions. In a verified reproduction with `allowWrite: false` and `allowExec: false`, CDP `Page.setDownloadBehavior` set the browser download directory to the project root, and CDP `Runtime.evaluate` downloaded a controlled `vite.config.ts`. Vitest reloaded the changed config and executed attacker-controlled Node.js code.\n\nWhen the Browser Mode API is also exposed to the network, this becomes remotely exploitable because the generated browser runner page exposes the API token, active session id, project name, and project root path needed to connect to the browser WebSocket API and select the target download directory.\n\n## Impact\n\nThis affects Browser Mode projects using a CDP-capable provider, such as Playwright Chromium, when the browser API server is exposed to the network, for example with `--browser.api.host=0.0.0.0`.\n\nIn this mode Vitest warns that write and exec operations are disabled by default, but the generated browser runner page exposes enough metadata for a remote client to authenticate to the browser WebSocket API while an active session exists. This includes the browser API token, active session id, project name, and serialized test config including the project root path. The attacker can then call Vitest\u0027s CDP RPC and use Chrome\u0027s download controls to overwrite `vite.config.ts` in the project root. When Vitest reloads the changed config, attacker-controlled Node.js code executes on the host running Vitest.\n\nThe same exposed CDP bridge also allows direct browser-session JavaScript execution through `Runtime.evaluate`. A separate local probe showed that CDP can navigate the browser to a `file://` URL and read rendered file contents, but the primary verified impact is config-file overwrite leading to RCE.\n\n## Reproduction\n\nFor a concrete reproduction, start Browser Mode in watch mode using the official Lit example:\n\n```sh\npnpm dlx tiged vitest-dev/vitest/examples/lit vitest-poc\ncd vitest-poc\npnpm install\n```\n\nConfigure the Browser Mode API to listen on all interfaces while explicitly disabling write and exec operations:\n\n```ts\nimport { playwright } from \u0027@vitest/browser-playwright\u0027\nimport { defineConfig } from \u0027vite\u0027\n\nexport default defineConfig({\n  test: {\n    browser: {\n      enabled: true,\n      provider: playwright(),\n      instances: [\n        { browser: \u0027chromium\u0027 },\n      ],\n      api: {\n        host: \u00270.0.0.0\u0027,\n        allowWrite: false,\n        allowExec: false,\n      },\n    },\n  },\n})\n```\n\nThen start the test server:\n\n```sh\npnpm test\n```\n\nVitest serves the browser runner HTML and WebSocket API at `http://localhost:63315`.\n\nWhile the browser session is active:\n\n1. Fetch the generated browser runner page:\n\n   ```text\n   http://localhost:63315/__vitest_test__/\n   ```\n\n2. Extract the embedded browser API token, active session id, project name, and project root:\n\n   - `window.VITEST_API_TOKEN`\n   - `__vitest_browser_runner__.sessionId`\n   - `__vitest_browser_runner__.config.name`\n   - `__vitest_browser_runner__.config.root`\n\n3. Connect to the browser API WebSocket as a tester client:\n\n   ```text\n   /__vitest_browser_api__?type=tester\u0026rpcId=\u003cfresh-id\u003e\u0026sessionId=\u003csession-id\u003e\u0026projectName=\u003cproject-name\u003e\u0026method=none\u0026token=\u003ctoken\u003e\n   ```\n\n4. Call the `sendCdpEvent` RPC method with:\n\n   ```text\n   Page.setDownloadBehavior({\n     behavior: \"allow\",\n     downloadPath: __vitest_browser_runner__.config.root\n   })\n   ```\n\n5. Call `sendCdpEvent` again with `Runtime.evaluate`. The evaluated JavaScript creates a Blob containing a malicious Vite config and clicks an anchor element `\u003ca download=\"vite.config.ts\"\u003e`.\n\n6. Observed result:\n\n   - `vite.config.ts` is overwritten with attacker-controlled content.\n   - Vitest reloads the changed config.\n   - The injected Node.js payload runs on the host.",
  "id": "GHSA-g8mr-85jm-7xhm",
  "modified": "2026-06-15T20:05:15Z",
  "published": "2026-06-15T20:05:15Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vitest-dev/vitest/security/advisories/GHSA-g8mr-85jm-7xhm"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vitest-dev/vitest"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE"
}

GHSA-GCGW-Q47M-PRVJ

Vulnerability from github – Published: 2023-12-12 03:31 – Updated: 2024-09-30 18:52
VLAI
Summary
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-59c9-pxq8-9c73. This link is maintained to preserve external references.

Original Description

SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.sap.cloud.security:java-security"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.17.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.sap.cloud.security:java-security"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.sap.cloud.security.xsuaa:spring-xsuaa"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.17.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.sap.cloud.security.xsuaa:spring-xsuaa"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.sap.cloud.security:spring-security"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.17.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.sap.cloud.security:spring-security"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-639",
      "CWE-749"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-15T03:53:07Z",
    "nvd_published_at": "2023-12-12T02:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-59c9-pxq8-9c73. This link is maintained to preserve external references.\n\n## Original Description\nSAP\u00a0BTP\u00a0Security Services Integration Library ([Java] cloud-security-services-integration-library) -\u00a0versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.\n\n",
  "id": "GHSA-gcgw-q47m-prvj",
  "modified": "2024-09-30T18:52:44Z",
  "published": "2023-12-12T03:31:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50422"
    },
    {
      "type": "WEB",
      "url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/SAP/cloud-security-services-integration-library"
    },
    {
      "type": "WEB",
      "url": "https://me.sap.com/notes/3411067"
    },
    {
      "type": "WEB",
      "url": "https://me.sap.com/notes/3413475"
    },
    {
      "type": "WEB",
      "url": "https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa"
    },
    {
      "type": "WEB",
      "url": "https://mvnrepository.com/artifact/com.sap.cloud.security/java-security"
    },
    {
      "type": "WEB",
      "url": "https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security"
    },
    {
      "type": "WEB",
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library ",
  "withdrawn": "2024-09-30T18:52:44Z"
}

GHSA-H5V5-9632-6PPH

Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31
VLAI
Details

Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the MacMonitorConsole class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22034.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-51581"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T03:16:17Z",
    "severity": "CRITICAL"
  },
  "details": "Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the MacMonitorConsole class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22034.",
  "id": "GHSA-h5v5-9632-6pph",
  "modified": "2024-05-03T03:31:07Z",
  "published": "2024-05-03T03:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51581"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1886"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H7CW-M84H-C746

Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31
VLAI
Details

Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the MonitorConsole class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22011.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-51575"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T03:16:16Z",
    "severity": "CRITICAL"
  },
  "details": "Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the MonitorConsole class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22011.",
  "id": "GHSA-h7cw-m84h-c746",
  "modified": "2024-05-03T03:31:07Z",
  "published": "2024-05-03T03:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51575"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1881"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

If you must expose a method, make sure to perform input validation on all arguments, limit access to authorized parties, and protect against all possible vulnerabilities.

Mitigation
Architecture and Design Implementation

Strategy: Attack Surface Reduction

  • Identify all exposed functionality. Explicitly list all functionality that must be exposed to some user or set of users. Identify which functionality may be:
  • Ensure that the implemented code follows these expectations. This includes setting the appropriate access modifiers where applicable (public, private, protected, etc.) or not marking ActiveX controls safe-for-scripting.
  • accessible to all users
  • restricted to a small set of privileged users
  • prevented from being directly accessible at all
CAPEC-500: WebView Injection

An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.