Common Weakness Enumeration

CWE-915

Allowed

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Abstraction: Base · Status: Incomplete

The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.

275 vulnerabilities reference this CWE, most recent first.

GHSA-QR8Q-6C25-RPPR

Vulnerability from github – Published: 2026-06-20 18:31 – Updated: 2026-06-20 18:31
VLAI
Details

Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify the credential field without validation. Attackers can bypass password change verification and session invalidation by supplying a crafted password hash, establishing persistent account access after temporary session compromise.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56276"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-915"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-20T16:17:04Z",
    "severity": "MODERATE"
  },
  "details": "Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify the credential field without validation. Attackers can bypass password change verification and session invalidation by supplying a crafted password hash, establishing persistent account access after temporary session compromise.",
  "id": "GHSA-qr8q-6c25-rppr",
  "modified": "2026-06-20T18:31:29Z",
  "published": "2026-06-20T18:31:29Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-59fh-9f3p-7m39"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56276"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/flowise-mass-assignment-in-put-api-v1-user-allows-password-hash-override"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-R659-8XFP-J327

Vulnerability from github – Published: 2021-09-07 23:09 – Updated: 2023-09-07 18:40
VLAI
Summary
objection.js Prototype Pollution vulnerability
Details

objection.js prior to version 2.2.16 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). This issue is patched in version 2.2.16.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "objection"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-3766"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-915"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-09-07T19:01:54Z",
    "nvd_published_at": "2021-09-06T12:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "objection.js prior to version 2.2.16 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027). This issue is patched in version 2.2.16.",
  "id": "GHSA-r659-8xfp-j327",
  "modified": "2023-09-07T18:40:01Z",
  "published": "2021-09-07T23:09:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3766"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Vincit/objection.js/commit/46b842a6bc897198b83f41ac85c92864b991d7e9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vincit/objection.js/commit/b41aab8dcd78f426f7468dcda541a7aca18a66a6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vincit/objection.js"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "objection.js Prototype Pollution vulnerability"
}

GHSA-R9W3-G83Q-M6HQ

Vulnerability from github – Published: 2022-04-01 17:26 – Updated: 2022-04-13 16:28
VLAI
Summary
Prototype Pollution in deepmerge-ts
Details

deepmerge-ts is used to merge 2 or more objects respecting type information. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecords(). A fix was released in version 4.0.2. Currently, there is no known workaround.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "deepmerge-ts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24802"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-915"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-01T17:26:03Z",
    "nvd_published_at": "2022-04-01T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "deepmerge-ts is used to merge 2 or more objects respecting type information. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecords(). A fix was released in version 4.0.2. Currently, there is no known workaround.",
  "id": "GHSA-r9w3-g83q-m6hq",
  "modified": "2022-04-13T16:28:10Z",
  "published": "2022-04-01T17:26:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/RebeccaStevens/deepmerge-ts/security/advisories/GHSA-r9w3-g83q-m6hq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24802"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RebeccaStevens/deepmerge-ts/commit/b39f1a93d9e1c3541bd2fe159fd696a16dbe1c72"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RebeccaStevens/deepmerge-ts/commit/d637db7e4fb2bfb113cb4bc1c85a125936d7081b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/RebeccaStevens/deepmerge-ts"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in deepmerge-ts"
}

GHSA-RGVG-3WPC-H44P

Vulnerability from github – Published: 2026-06-22 23:20 – Updated: 2026-06-22 23:20
VLAI
Summary
Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override
Details

Summary

The webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment vulnerability in externalTrigger() allows an attacker to overwrite the internal appId property by including it in the webhook POST body. When the automation is processed asynchronously (the default path for webhooks without a collect step), the worker executes the attacker-defined automation in the context of the victim's workspace, granting full read/write access to the victim's database.

Details

The webhook trigger route is registered as a public endpoint with no authentication:

// packages/server/src/api/routes/webhook.ts:12
publicRoutes.post("/api/webhooks/trigger/:instance/:id", controller.trigger)

The controller passes the raw request body as fields alongside the server-derived appId:

// packages/server/src/api/controllers/webhook.ts:142-148
await triggers.externalTrigger(target, {
  fields: {
    ...ctx.request.body,  // attacker-controlled
    body: ctx.request.body,
  },
  appId: prodAppId,       // server-controlled
})

In externalTrigger(), for webhook-triggered automations, params.fields is spread back into params:

// packages/server/src/automations/triggers.ts:237-241
params = {
  ...params,          // appId: prodAppId (server-controlled)
  ...params.fields,   // appId: VICTIM_ID (attacker-controlled, overwrites above)
  fields: {},
}

Because params.fields is spread after params, any key in the attacker's body overwrites the corresponding property in params. An attacker including "appId": "app_VICTIM_WORKSPACE_ID" in the POST body overwrites the legitimate, server-derived appId.

The contaminated params become data.event and are queued asynchronously:

// packages/server/src/automations/triggers.ts:244,271
const data: AutomationData = { automation, event: params }
// ...
return quotas.addAction(() => automationQueue.add(data, JOB_OPTS))

The async worker uses job.data.event.appId to set the workspace context:

// packages/server/src/threads/automation.ts:917,929-930
const workspaceId = job.data.event.appId  // attacker-controlled
// ...
return await context.doInAutomationContext({
  workspaceId,  // victim's workspace
  automationId,
  task: async () => { /* automation steps run here */ }
})

The synchronous path (for webhooks with a collect step) correctly overwrites appId at triggers.ts:264:

data.event = {
  ...data.event,
  appId: context.getWorkspaceId(),  // server-controlled fix
  automation,
}

This proves the developers intended appId to be server-controlled but missed applying the same fix to the async path, which is the default for all webhooks without a collect step.

PoC

Prerequisites: Attacker has builder access to their own Budibase workspace and knows a victim workspace ID (format: app_<uuid>).

Step 1: Attacker creates an automation in their own workspace with a webhook trigger and data-exfiltration steps (e.g., Query Rows → Execute Script to send data externally).

Step 2: Attacker creates a webhook for that automation and notes the webhook URL:

POST /api/webhooks/trigger/<ATTACKER_INSTANCE>/<WEBHOOK_ID>

Step 3: Attacker triggers the webhook with the victim's workspace ID injected into the body:

curl -X POST https://budibase.example.com/api/webhooks/trigger/app_ATTACKER_ID/wh_WEBHOOK_ID \
  -H 'Content-Type: application/json' \
  -d '{"appId": "app_VICTIM_WORKSPACE_ID", "normalData": "test"}'

Expected result: The automation defined in the attacker's workspace executes in the context of the victim's workspace. All database operations (Query Rows, Create Row, Delete Row, Execute Script, etc.) operate on the victim's data.

Additional overridable fields via the same mechanism: - timeout (automation.ts:443-444): override automation execution timeout - user (automation.ts:413,435): set user context for automation steps - metadata.automationChainCount (automation.ts:293): bypass chain depth limits

Impact

An attacker with builder access to their own Budibase workspace can execute arbitrary automations (of their own design) in the context of any other workspace on the same Budibase instance, provided they know the victim's workspace ID. This enables:

  • Full data exfiltration: Query Rows steps read all tables in the victim's workspace
  • Data manipulation: Create Row, Update Row, Delete Row steps modify victim data
  • Arbitrary code execution in victim context: Execute Script steps run JavaScript with access to victim's environment variables and database
  • Cross-tenant boundary violation: In multi-tenant deployments (Budibase Cloud), the tenant ID is derived from the workspace ID, so the attack crosses tenant boundaries

The attack requires no authentication (the webhook endpoint is public) and leaves minimal audit trail since the automation execution is attributed to the attacker's automation definition but runs in the victim's context.

Recommended Fix

In packages/server/src/automations/triggers.ts, apply the same appId fix that exists in the synchronous path to the async path as well. The fix should ensure appId is always server-controlled before queuing:

// packages/server/src/automations/triggers.ts:244-272
const data: AutomationData = { automation, event: params }

// ... trigger filter check ...

+ // Ensure appId is always server-controlled, not user-supplied
+ data.event.appId = context.getWorkspaceId()

if (getResponses) {
  data.event = {
    ...data.event,
    appId: context.getWorkspaceId(),
    automation,
  }
  return quotas.addAction(() =>
    executeInThread({ data } as AutomationJob, { onProgress })
  )
} else {
  return quotas.addAction(() => automationQueue.add(data, JOB_OPTS))
}

Alternatively, use an allowlist approach for the webhook field spread to prevent any internal property from being overwritten:

// packages/server/src/automations/triggers.ts:237-241
const { appId, timeout, user, metadata, ...safeFields } = params.fields
params = {
  ...params,
  ...safeFields,
  fields: {},
}
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@budibase/server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.39.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-54351"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-915"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-22T23:20:20Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "## Summary\n\nThe webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment vulnerability in `externalTrigger()` allows an attacker to overwrite the internal `appId` property by including it in the webhook POST body. When the automation is processed asynchronously (the default path for webhooks without a collect step), the worker executes the attacker-defined automation in the context of the victim\u0027s workspace, granting full read/write access to the victim\u0027s database.\n\n## Details\n\nThe webhook trigger route is registered as a public endpoint with no authentication:\n\n```typescript\n// packages/server/src/api/routes/webhook.ts:12\npublicRoutes.post(\"/api/webhooks/trigger/:instance/:id\", controller.trigger)\n```\n\nThe controller passes the raw request body as `fields` alongside the server-derived `appId`:\n\n```typescript\n// packages/server/src/api/controllers/webhook.ts:142-148\nawait triggers.externalTrigger(target, {\n  fields: {\n    ...ctx.request.body,  // attacker-controlled\n    body: ctx.request.body,\n  },\n  appId: prodAppId,       // server-controlled\n})\n```\n\nIn `externalTrigger()`, for webhook-triggered automations, `params.fields` is spread back into `params`:\n\n```typescript\n// packages/server/src/automations/triggers.ts:237-241\nparams = {\n  ...params,          // appId: prodAppId (server-controlled)\n  ...params.fields,   // appId: VICTIM_ID (attacker-controlled, overwrites above)\n  fields: {},\n}\n```\n\nBecause `params.fields` is spread **after** `params`, any key in the attacker\u0027s body overwrites the corresponding property in `params`. An attacker including `\"appId\": \"app_VICTIM_WORKSPACE_ID\"` in the POST body overwrites the legitimate, server-derived `appId`.\n\nThe contaminated params become `data.event` and are queued asynchronously:\n\n```typescript\n// packages/server/src/automations/triggers.ts:244,271\nconst data: AutomationData = { automation, event: params }\n// ...\nreturn quotas.addAction(() =\u003e automationQueue.add(data, JOB_OPTS))\n```\n\nThe async worker uses `job.data.event.appId` to set the workspace context:\n\n```typescript\n// packages/server/src/threads/automation.ts:917,929-930\nconst workspaceId = job.data.event.appId  // attacker-controlled\n// ...\nreturn await context.doInAutomationContext({\n  workspaceId,  // victim\u0027s workspace\n  automationId,\n  task: async () =\u003e { /* automation steps run here */ }\n})\n```\n\nThe synchronous path (for webhooks with a collect step) correctly overwrites `appId` at `triggers.ts:264`:\n```typescript\ndata.event = {\n  ...data.event,\n  appId: context.getWorkspaceId(),  // server-controlled fix\n  automation,\n}\n```\n\nThis proves the developers intended `appId` to be server-controlled but missed applying the same fix to the async path, which is the default for all webhooks without a collect step.\n\n## PoC\n\n**Prerequisites:** Attacker has builder access to their own Budibase workspace and knows a victim workspace ID (format: `app_\u003cuuid\u003e`).\n\n**Step 1:** Attacker creates an automation in their own workspace with a webhook trigger and data-exfiltration steps (e.g., Query Rows \u2192 Execute Script to send data externally).\n\n**Step 2:** Attacker creates a webhook for that automation and notes the webhook URL:\n```\nPOST /api/webhooks/trigger/\u003cATTACKER_INSTANCE\u003e/\u003cWEBHOOK_ID\u003e\n```\n\n**Step 3:** Attacker triggers the webhook with the victim\u0027s workspace ID injected into the body:\n\n```bash\ncurl -X POST https://budibase.example.com/api/webhooks/trigger/app_ATTACKER_ID/wh_WEBHOOK_ID \\\n  -H \u0027Content-Type: application/json\u0027 \\\n  -d \u0027{\"appId\": \"app_VICTIM_WORKSPACE_ID\", \"normalData\": \"test\"}\u0027\n```\n\n**Expected result:** The automation defined in the attacker\u0027s workspace executes in the context of the victim\u0027s workspace. All database operations (Query Rows, Create Row, Delete Row, Execute Script, etc.) operate on the victim\u0027s data.\n\n**Additional overridable fields via the same mechanism:**\n- `timeout` (`automation.ts:443-444`): override automation execution timeout\n- `user` (`automation.ts:413,435`): set user context for automation steps\n- `metadata.automationChainCount` (`automation.ts:293`): bypass chain depth limits\n\n## Impact\n\nAn attacker with builder access to their own Budibase workspace can execute arbitrary automations (of their own design) in the context of any other workspace on the same Budibase instance, provided they know the victim\u0027s workspace ID. This enables:\n\n- **Full data exfiltration**: Query Rows steps read all tables in the victim\u0027s workspace\n- **Data manipulation**: Create Row, Update Row, Delete Row steps modify victim data\n- **Arbitrary code execution in victim context**: Execute Script steps run JavaScript with access to victim\u0027s environment variables and database\n- **Cross-tenant boundary violation**: In multi-tenant deployments (Budibase Cloud), the tenant ID is derived from the workspace ID, so the attack crosses tenant boundaries\n\nThe attack requires no authentication (the webhook endpoint is public) and leaves minimal audit trail since the automation execution is attributed to the attacker\u0027s automation definition but runs in the victim\u0027s context.\n\n## Recommended Fix\n\nIn `packages/server/src/automations/triggers.ts`, apply the same `appId` fix that exists in the synchronous path to the async path as well. The fix should ensure `appId` is always server-controlled before queuing:\n\n```typescript\n// packages/server/src/automations/triggers.ts:244-272\nconst data: AutomationData = { automation, event: params }\n\n// ... trigger filter check ...\n\n+ // Ensure appId is always server-controlled, not user-supplied\n+ data.event.appId = context.getWorkspaceId()\n\nif (getResponses) {\n  data.event = {\n    ...data.event,\n    appId: context.getWorkspaceId(),\n    automation,\n  }\n  return quotas.addAction(() =\u003e\n    executeInThread({ data } as AutomationJob, { onProgress })\n  )\n} else {\n  return quotas.addAction(() =\u003e automationQueue.add(data, JOB_OPTS))\n}\n```\n\nAlternatively, use an allowlist approach for the webhook field spread to prevent any internal property from being overwritten:\n\n```typescript\n// packages/server/src/automations/triggers.ts:237-241\nconst { appId, timeout, user, metadata, ...safeFields } = params.fields\nparams = {\n  ...params,\n  ...safeFields,\n  fields: {},\n}\n```",
  "id": "GHSA-rgvg-3wpc-h44p",
  "modified": "2026-06-22T23:20:20Z",
  "published": "2026-06-22T23:20:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Budibase/budibase/security/advisories/GHSA-rgvg-3wpc-h44p"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Budibase/budibase"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override"
}

GHSA-RJF2-J2R6-Q8GR

Vulnerability from github – Published: 2021-10-19 15:28 – Updated: 2021-10-19 14:18
VLAI
Summary
Prototype Pollution in vm2
Details

This affects the package vm2 before 3.9.4. Prototype Pollution attack vector can lead to sandbox escape and execution of arbitrary code on the host machine.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "vm2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.9.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23449"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-915"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-10-19T14:18:05Z",
    "nvd_published_at": "2021-10-18T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "This affects the package vm2 before 3.9.4. Prototype Pollution attack vector can lead to sandbox escape and execution of arbitrary code on the host machine.",
  "id": "GHSA-rjf2-j2r6-q8gr",
  "modified": "2021-10-19T14:18:05Z",
  "published": "2021-10-19T15:28:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23449"
    },
    {
      "type": "WEB",
      "url": "https://github.com/patriksimek/vm2/issues/363"
    },
    {
      "type": "WEB",
      "url": "https://github.com/patriksimek/vm2/commit/b4f6e2bd2c4a1ef52fc4483d8e35f28bc4481886"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/patriksimek/vm2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/patriksimek/vm2/releases/tag/3.9.4"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20211029-0010"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-VM2-1585918"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in vm2"
}

GHSA-RJMP-VJF2-QF4G

Vulnerability from github – Published: 2026-05-14 20:26 – Updated: 2026-05-15 23:55
VLAI
Summary
Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation
Details

Mass Assignment in Feedback Creation Allows User ID Spoofing and Evaluation Data Manipulation

Summary

The POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses model_config = ConfigDict(extra='allow'). Due to an insecure dictionary merge order in insert_new_feedback(), an authenticated attacker can inject a user_id field in the request body that overwrites the server-derived value, creating feedback records attributed to any arbitrary user. This corrupts the model evaluation leaderboard (Elo ratings) and enables identity spoofing.

Details

The vulnerability exists in two layers:

1. Model Layer — Insecure Dict Merge Order

File: backend/open_webui/models/feedbacks.py, lines 148–160

async def insert_new_feedback(
    self, user_id: str, form_data: FeedbackForm, db: Optional[AsyncSession] = None
) -> Optional[FeedbackModel]:
    async with get_async_db_context(db) as db:
        id = str(uuid.uuid4())
        feedback = FeedbackModel(
            **{
                'id': id,
                'user_id': user_id,       # ← Server-set from auth token
                'version': 0,
                **form_data.model_dump(),  # ← OVERWRITES 'id', 'user_id', 'version'
                'created_at': int(time.time()),
                'updated_at': int(time.time()),
            }
        )

In Python, when a dictionary literal contains duplicate keys, the last value wins. Since **form_data.model_dump() appears after 'user_id': user_id, any user_id field in the form data overwrites the authenticated user's ID.

2. Schema Layer — extra='allow' on Request Form

File: backend/open_webui/models/feedbacks.py, line 106

class FeedbackForm(BaseModel):
    type: str
    data: Optional[RatingData] = None
    meta: Optional[dict] = None
    snapshot: Optional[SnapshotData] = None
    model_config = ConfigDict(extra='allow')  # ← Accepts arbitrary extra fields

The extra='allow' config means Pydantic will accept and preserve any extra fields in the request body, including user_id, id, and version. These are then spread into the FeedbackModel constructor, overwriting server-set values.

Contrast with Secure Pattern

Other models in the same codebase use the correct ordering. For example, backend/open_webui/models/functions.py, line 120:

function = FunctionModel(**{
    **form_data.model_dump(),   # ← Spread FIRST
    'user_id': user_id,         # ← Server value AFTER → always wins
})

And ModelForm at backend/open_webui/models/models.py uses extra='ignore', which is the strictest approach.

Impact

1. User Identity Spoofing

An attacker can create feedback records attributed to any user by specifying their user_id. The admin export endpoint (GET /api/v1/evaluations/feedbacks/export) and admin list (GET /api/v1/evaluations/feedbacks/all) will show the spoofed user_id as the feedback author.

2. Model Evaluation Leaderboard Manipulation

The Elo rating system at backend/open_webui/routers/evaluations.py computes model rankings directly from feedback records. An attacker can inject fake rating feedback to: - Artificially inflate ratings for a specific model - Deflate ratings for competitor models - Make organizational model evaluation decisions unreliable

3. Record ID Control

By injecting a custom id, an attacker controls the UUID of the feedback record. While this won't overwrite existing records (primary key constraint), it enables predictable record IDs that could be useful in other attack chains.

PoC

import requests

BASE_URL = "http://localhost:8080"

# 1. Login as attacker
session = requests.Session()
login_resp = session.post(f"{BASE_URL}/api/v1/auths/signin", json={
    "email": "attacker@example.com",
    "password": "attackerpass"
})
token = login_resp.json()["token"]
headers = {"Authorization": f"Bearer {token}"}

# 2. Create feedback attributed to a different user (victim)
VICTIM_USER_ID = "12345678-aaaa-bbbb-cccc-000000000000"

resp = session.post(
    f"{BASE_URL}/api/v1/evaluations/feedback",
    headers=headers,
    json={
        "type": "rating",
        "data": {
            "model_id": "gpt-4o",
            "rating": 1,
            "sibling_model_ids": ["claude-3-opus"],
        },
        # Mass assignment: these extra fields are accepted due to extra='allow'
        # and overwrite server-set values due to dict merge order
        "user_id": VICTIM_USER_ID,  # Overwrites authenticated user ID
        "version": 999,             # Overwrites default version
    }
)

feedback = resp.json()
print(f"Feedback created with user_id: {feedback['user_id']}")
# Expected: attacker's own user_id
# Actual: VICTIM_USER_ID (12345678-aaaa-bbbb-cccc-000000000000)
assert feedback["user_id"] == VICTIM_USER_ID, "Mass assignment successful!"

Severity

CVSS 3.1: 5.4 (Medium) — CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low (any authenticated user)
  • User Interaction: None
  • Impact: Integrity (feedback data falsification) + limited Availability (leaderboard reliability)

Suggested Remediation

Option 1: Fix dict merge order (minimal fix)

feedback = FeedbackModel(
    **{
        **form_data.model_dump(),   # Spread FIRST
        'id': id,                    # Server values AFTER (always win)
        'user_id': user_id,
        'version': 0,
        'created_at': int(time.time()),
        'updated_at': int(time.time()),
    }
)

Option 2: Remove extra='allow' from FeedbackForm (recommended)

class FeedbackForm(BaseModel):
    type: str
    data: Optional[RatingData] = None
    meta: Optional[dict] = None
    snapshot: Optional[SnapshotData] = None
    model_config = ConfigDict(extra='ignore')  # Reject unexpected fields

Option 3: Explicit field assignment (most secure)

feedback = FeedbackModel(
    id=str(uuid.uuid4()),
    user_id=user_id,
    version=0,
    type=form_data.type,
    data=form_data.data.model_dump() if form_data.data else {},
    meta=form_data.meta or {},
    snapshot=form_data.snapshot.model_dump() if form_data.snapshot else {},
    created_at=int(time.time()),
    updated_at=int(time.time()),
)

Affected Versions

  • v0.9.2 (current latest, confirmed vulnerable)
  • Likely all versions since feedback/evaluation feature was introduced

References

  • Prior advisory: "Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts" (patched in v0.9.0) — same root cause class, different endpoint
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "open-webui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45396"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-915"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-14T20:26:18Z",
    "nvd_published_at": "2026-05-15T21:16:37Z",
    "severity": "MODERATE"
  },
  "details": "# Mass Assignment in Feedback Creation Allows User ID Spoofing and Evaluation Data Manipulation\n\n## Summary\n\nThe `POST /api/v1/evaluations/feedback` endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via `FeedbackForm`, which uses `model_config = ConfigDict(extra=\u0027allow\u0027)`. Due to an insecure dictionary merge order in `insert_new_feedback()`, an authenticated attacker can inject a `user_id` field in the request body that overwrites the server-derived value, creating feedback records attributed to any arbitrary user. This corrupts the model evaluation leaderboard (Elo ratings) and enables identity spoofing.\n\n## Details\n\nThe vulnerability exists in two layers:\n\n### 1. Model Layer \u2014 Insecure Dict Merge Order\n\n**File:** `backend/open_webui/models/feedbacks.py`, lines 148\u2013160\n\n```python\nasync def insert_new_feedback(\n    self, user_id: str, form_data: FeedbackForm, db: Optional[AsyncSession] = None\n) -\u003e Optional[FeedbackModel]:\n    async with get_async_db_context(db) as db:\n        id = str(uuid.uuid4())\n        feedback = FeedbackModel(\n            **{\n                \u0027id\u0027: id,\n                \u0027user_id\u0027: user_id,       # \u2190 Server-set from auth token\n                \u0027version\u0027: 0,\n                **form_data.model_dump(),  # \u2190 OVERWRITES \u0027id\u0027, \u0027user_id\u0027, \u0027version\u0027\n                \u0027created_at\u0027: int(time.time()),\n                \u0027updated_at\u0027: int(time.time()),\n            }\n        )\n```\n\nIn Python, when a dictionary literal contains duplicate keys, the **last value wins**. Since `**form_data.model_dump()` appears after `\u0027user_id\u0027: user_id`, any `user_id` field in the form data overwrites the authenticated user\u0027s ID.\n\n### 2. Schema Layer \u2014 `extra=\u0027allow\u0027` on Request Form\n\n**File:** `backend/open_webui/models/feedbacks.py`, line 106\n\n```python\nclass FeedbackForm(BaseModel):\n    type: str\n    data: Optional[RatingData] = None\n    meta: Optional[dict] = None\n    snapshot: Optional[SnapshotData] = None\n    model_config = ConfigDict(extra=\u0027allow\u0027)  # \u2190 Accepts arbitrary extra fields\n```\n\nThe `extra=\u0027allow\u0027` config means Pydantic will accept and preserve any extra fields in the request body, including `user_id`, `id`, and `version`. These are then spread into the `FeedbackModel` constructor, overwriting server-set values.\n\n### Contrast with Secure Pattern\n\nOther models in the same codebase use the correct ordering. For example, `backend/open_webui/models/functions.py`, line 120:\n\n```python\nfunction = FunctionModel(**{\n    **form_data.model_dump(),   # \u2190 Spread FIRST\n    \u0027user_id\u0027: user_id,         # \u2190 Server value AFTER \u2192 always wins\n})\n```\n\nAnd `ModelForm` at `backend/open_webui/models/models.py` uses `extra=\u0027ignore\u0027`, which is the strictest approach.\n\n## Impact\n\n### 1. User Identity Spoofing\nAn attacker can create feedback records attributed to any user by specifying their `user_id`. The admin export endpoint (`GET /api/v1/evaluations/feedbacks/export`) and admin list (`GET /api/v1/evaluations/feedbacks/all`) will show the spoofed `user_id` as the feedback author.\n\n### 2. Model Evaluation Leaderboard Manipulation\nThe Elo rating system at `backend/open_webui/routers/evaluations.py` computes model rankings directly from feedback records. An attacker can inject fake rating feedback to:\n- Artificially inflate ratings for a specific model\n- Deflate ratings for competitor models\n- Make organizational model evaluation decisions unreliable\n\n### 3. Record ID Control\nBy injecting a custom `id`, an attacker controls the UUID of the feedback record. While this won\u0027t overwrite existing records (primary key constraint), it enables predictable record IDs that could be useful in other attack chains.\n\n## PoC\n\n```python\nimport requests\n\nBASE_URL = \"http://localhost:8080\"\n\n# 1. Login as attacker\nsession = requests.Session()\nlogin_resp = session.post(f\"{BASE_URL}/api/v1/auths/signin\", json={\n    \"email\": \"attacker@example.com\",\n    \"password\": \"attackerpass\"\n})\ntoken = login_resp.json()[\"token\"]\nheaders = {\"Authorization\": f\"Bearer {token}\"}\n\n# 2. Create feedback attributed to a different user (victim)\nVICTIM_USER_ID = \"12345678-aaaa-bbbb-cccc-000000000000\"\n\nresp = session.post(\n    f\"{BASE_URL}/api/v1/evaluations/feedback\",\n    headers=headers,\n    json={\n        \"type\": \"rating\",\n        \"data\": {\n            \"model_id\": \"gpt-4o\",\n            \"rating\": 1,\n            \"sibling_model_ids\": [\"claude-3-opus\"],\n        },\n        # Mass assignment: these extra fields are accepted due to extra=\u0027allow\u0027\n        # and overwrite server-set values due to dict merge order\n        \"user_id\": VICTIM_USER_ID,  # Overwrites authenticated user ID\n        \"version\": 999,             # Overwrites default version\n    }\n)\n\nfeedback = resp.json()\nprint(f\"Feedback created with user_id: {feedback[\u0027user_id\u0027]}\")\n# Expected: attacker\u0027s own user_id\n# Actual: VICTIM_USER_ID (12345678-aaaa-bbbb-cccc-000000000000)\nassert feedback[\"user_id\"] == VICTIM_USER_ID, \"Mass assignment successful!\"\n```\n\n## Severity\n\n**CVSS 3.1:** 5.4 (Medium) \u2014 `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L`\n\n- **Attack Vector:** Network\n- **Attack Complexity:** Low\n- **Privileges Required:** Low (any authenticated user)\n- **User Interaction:** None\n- **Impact:** Integrity (feedback data falsification) + limited Availability (leaderboard reliability)\n\n## Suggested Remediation\n\n### Option 1: Fix dict merge order (minimal fix)\n```python\nfeedback = FeedbackModel(\n    **{\n        **form_data.model_dump(),   # Spread FIRST\n        \u0027id\u0027: id,                    # Server values AFTER (always win)\n        \u0027user_id\u0027: user_id,\n        \u0027version\u0027: 0,\n        \u0027created_at\u0027: int(time.time()),\n        \u0027updated_at\u0027: int(time.time()),\n    }\n)\n```\n\n### Option 2: Remove `extra=\u0027allow\u0027` from FeedbackForm (recommended)\n```python\nclass FeedbackForm(BaseModel):\n    type: str\n    data: Optional[RatingData] = None\n    meta: Optional[dict] = None\n    snapshot: Optional[SnapshotData] = None\n    model_config = ConfigDict(extra=\u0027ignore\u0027)  # Reject unexpected fields\n```\n\n### Option 3: Explicit field assignment (most secure)\n```python\nfeedback = FeedbackModel(\n    id=str(uuid.uuid4()),\n    user_id=user_id,\n    version=0,\n    type=form_data.type,\n    data=form_data.data.model_dump() if form_data.data else {},\n    meta=form_data.meta or {},\n    snapshot=form_data.snapshot.model_dump() if form_data.snapshot else {},\n    created_at=int(time.time()),\n    updated_at=int(time.time()),\n)\n```\n\n## Affected Versions\n\n- v0.9.2 (current latest, confirmed vulnerable)\n- Likely all versions since feedback/evaluation feature was introduced\n\n## References\n\n- Prior advisory: \"Mass Assignment via Pydantic extra=\u0027allow\u0027 Allows Creating Folders in Other Users\u0027 Accounts\" (patched in v0.9.0) \u2014 same root cause class, different endpoint",
  "id": "GHSA-rjmp-vjf2-qf4g",
  "modified": "2026-05-15T23:55:14Z",
  "published": "2026-05-14T20:26:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-rjmp-vjf2-qf4g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45396"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/open-webui/open-webui"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open-webui/open-webui/releases/tag/v0.9.5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation"
}

GHSA-RP28-MVQ3-WF8J

Vulnerability from github – Published: 2025-03-14 15:32 – Updated: 2025-03-19 15:32
VLAI
Summary
Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
Details

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS

When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "camaleon_cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-2304"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-915"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-17T14:34:48Z",
    "nvd_published_at": "2025-03-14T13:15:41Z",
    "severity": "CRITICAL"
  },
  "details": "A Privilege Escalation through a Mass Assignment exists in Camaleon CMS\n\nWhen a user wishes to change his password, the \u0027updated_ajax\u0027 method of the UsersController is called. The vulnerability stems from the use of the dangerous permit!\u00a0method, which allows all parameters to pass through without any filtering.",
  "id": "GHSA-rp28-mvq3-wf8j",
  "modified": "2025-03-19T15:32:04Z",
  "published": "2025-03-14T15:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2304"
    },
    {
      "type": "WEB",
      "url": "https://github.com/owen2345/camaleon-cms/pull/1109"
    },
    {
      "type": "WEB",
      "url": "https://github.com/owen2345/camaleon-cms/commit/179fd6b1ecf258d3e214aebfa87ac4a322ea4db4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/owen2345/camaleon-cms"
    },
    {
      "type": "WEB",
      "url": "https://github.com/owen2345/camaleon-cms/releases/tag/2.9.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2025-2304.yml"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2025-09"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment"
}

GHSA-RP7V-4384-HFRP

Vulnerability from github – Published: 2026-04-24 16:37 – Updated: 2026-04-24 16:37
VLAI
Summary
k8sGPT has Prompt Injection through its k8sGPT-Operator
Details

Summary

In the auto-remediation pipeline, object_to_execution.go was deserializing the AI-generated YAML directly into a Deployment object, but there was lack of validation from the original Deployment object.

Details

This issue was fixed after coordination with Alex Jones.

PoC

To minimize the impact, the PoC of this vulnerability wasn't released, but was shared with the maintainers.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/k8sgpt-ai/k8sgpt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.32"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-502",
      "CWE-915"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-24T16:37:12Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nIn the auto-remediation pipeline, `object_to_execution.go` was deserializing the AI-generated YAML directly into a Deployment object, but there was lack of validation from the original Deployment object.\n\n### Details\nThis issue was fixed after coordination with Alex Jones.\n\n### PoC\nTo minimize the impact, the PoC of this vulnerability wasn\u0027t released, but was shared with the maintainers.",
  "id": "GHSA-rp7v-4384-hfrp",
  "modified": "2026-04-24T16:37:12Z",
  "published": "2026-04-24T16:37:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/k8sgpt-ai/k8sgpt/security/advisories/GHSA-rp7v-4384-hfrp"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/k8sgpt-ai/k8sgpt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "k8sGPT has Prompt Injection through its k8sGPT-Operator"
}

GHSA-RRQM-P222-8PH2

Vulnerability from github – Published: 2021-02-08 17:44 – Updated: 2022-05-26 19:58
VLAI
Summary
Prototype Pollution in Dynamoose
Details

Impact

In Dynamoose versions 2.0.0-2.6.0 there was a prototype pollution vulnerability in the internal utility method lib/utils/object/set.ts. This method is used throughout the codebase for various operations throughout Dynamoose.

We have not seen any evidence of this vulnerability being exploited.

We do not believe this issue impacts v1.x.x since this method was added as part of the v2 rewrite. This vulnerability also impacts v2.x.x beta/alpha versions.

Patches

v2.7.0 includes a patch for this vulnerability.

Workarounds

We are unaware of any workarounds to patch this vulnerability other than upgrading to v2.7.0 or greater.

References

  • Patch commit hash: 324c62b4709204955931a187362f8999805b1d8e

For more information

If you have any questions or comments about this advisory:

Credit

  • GitHub CodeQL Code Scanning
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "dynamoose"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21304"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-915"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-02-08T17:43:18Z",
    "nvd_published_at": "2021-02-08T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nIn Dynamoose versions 2.0.0-2.6.0 there was a prototype pollution vulnerability in the internal utility method [`lib/utils/object/set.ts`](https://github.com/dynamoose/dynamoose/blob/master/lib/utils/object/set.ts). This method is used throughout the codebase for various operations throughout Dynamoose.\n\nWe have not seen any evidence of this vulnerability being exploited.\n\nWe do not believe this issue impacts v1.x.x since this method was added as part of the v2 rewrite. This vulnerability also impacts v2.x.x beta/alpha versions.\n\n### Patches\n\nv2.7.0 includes a patch for this vulnerability.\n\n### Workarounds\n\nWe are unaware of any workarounds to patch this vulnerability other than upgrading to v2.7.0 or greater.\n\n### References\n\n- Patch commit hash: 324c62b4709204955931a187362f8999805b1d8e\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Contact me](https://charlie.fish/contact)\n* [Read our Security Policy](https://github.com/dynamoose/dynamoose/blob/master/SECURITY.md)\n\n### Credit\n\n- GitHub CodeQL Code Scanning",
  "id": "GHSA-rrqm-p222-8ph2",
  "modified": "2022-05-26T19:58:25Z",
  "published": "2021-02-08T17:44:01Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dynamoose/dynamoose/security/advisories/GHSA-rrqm-p222-8ph2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21304"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dynamoose/dynamoose/commit/324c62b4709204955931a187362f8999805b1d8e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dynamoose/dynamoose"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dynamoose/dynamoose/releases/tag/v2.7.0"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/dynamoose"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in Dynamoose"
}

GHSA-RV28-58VF-V4PV

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22
VLAI
Details

An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-9058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-915"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-26T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection.",
  "id": "GHSA-rv28-58vf-v4pv",
  "modified": "2022-05-13T01:22:59Z",
  "published": "2022-05-13T01:22:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9058"
    },
    {
      "type": "WEB",
      "url": "https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg"
    },
    {
      "type": "WEB",
      "url": "https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation
  • If available, use features of the language or framework that allow specification of allowlists of attributes or fields that are allowed to be modified. If possible, prefer allowlists over denylists.
  • For applications written with Ruby on Rails, use the attr_accessible (allowlist) or attr_protected (denylist) macros in each class that may be used in mass assignment.
Mitigation
Architecture and Design Implementation

If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.

Mitigation
Implementation

Strategy: Input Validation

For any externally-influenced input, check the input against an allowlist of internal object attributes or fields that are allowed to be modified.

Mitigation
Implementation Architecture and Design

Strategy: Refactoring

Refactor the code so that object attributes or fields do not need to be dynamically identified, and only expose getter/setter functionality for the intended attributes.

No CAPEC attack patterns related to this CWE.