Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
94 vulnerabilities by owasp
CVE-2026-42268 (GCVE-0-2026-42268)
Vulnerability from nvd – Published: 2026-05-12 21:40 – Updated: 2026-05-14 12:34
VLAI
EPSS
VEX
Title
ModSecurity: Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators
Summary
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused by unsigned integer underflow in libmodsecurity3 if the user (administrator) uses a rule any of @verifySSN, @verifyCPF, or @verifySVNR. This vulnerability is fixed in 3.0.15.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| owasp-modsecurity | ModSecurity |
Affected:
>= 3.0.0, < 3.0.15
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42268",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T12:34:17.448480Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T12:34:20.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-vwr3-7x7g-7p9w"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ModSecurity",
"vendor": "owasp-modsecurity",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused by unsigned integer underflow in libmodsecurity3 if the user (administrator) uses a rule any of @verifySSN, @verifyCPF, or @verifySVNR. This vulnerability is fixed in 3.0.15."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T21:40:19.031Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-vwr3-7x7g-7p9w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-vwr3-7x7g-7p9w"
}
],
"source": {
"advisory": "GHSA-vwr3-7x7g-7p9w",
"discovery": "UNKNOWN"
},
"title": "ModSecurity: Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42268",
"datePublished": "2026-05-12T21:40:19.031Z",
"dateReserved": "2026-04-26T11:53:27.706Z",
"dateUpdated": "2026-05-14T12:34:20.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30923 (GCVE-0-2026-30923)
Vulnerability from nvd – Published: 2026-05-05 18:46 – Updated: 2026-05-05 19:21
VLAI
EPSS
VEX
Title
libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings
Summary
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a single character. An attacker can exploit this to crash worker processes, causing a denial of service. Service resumes once the attack stops as worker processes recover from the segfault. All versions before 3.0.15 of libModSecurity3 are affected. This has been patched in version 3.0.15.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_CONFIRM |
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| owasp-modsecurity | ModSecurity |
Affected:
< 3.0.15
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30923",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T19:20:55.329784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T19:21:08.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-qrjc-3jpc-3h2g"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ModSecurity",
"vendor": "owasp-modsecurity",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a single character. An attacker can exploit this to crash worker processes, causing a denial of service. Service resumes once the attack stops as worker processes recover from the segfault. All versions before 3.0.15 of libModSecurity3 are affected. This has been patched in version 3.0.15."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T18:46:03.201Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-qrjc-3jpc-3h2g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-qrjc-3jpc-3h2g"
},
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v3.0.15",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v3.0.15"
}
],
"source": {
"advisory": "GHSA-qrjc-3jpc-3h2g",
"discovery": "UNKNOWN"
},
"title": "libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30923",
"datePublished": "2026-05-05T18:46:03.201Z",
"dateReserved": "2026-03-07T16:40:05.884Z",
"dateUpdated": "2026-05-05T19:21:08.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40316 (GCVE-0-2026-40316)
Vulnerability from nvd – Published: 2026-04-15 22:49 – Updated: 2026-04-16 14:18
VLAI
EPSS
VEX
Title
OWASP BLT has RCE in Github Actions via untrusted Django model execution in workflow
Summary
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with full GITHUB_TOKEN write permissions, copies attacker-controlled files from untrusted pull requests into the trusted runner workspace via git show, and then executes python manage.py makemigrations, which imports Django model modules including attacker-controlled website/models.py at runtime. Any module-level Python code in the attacker's models.py is executed during import, enabling arbitrary code execution in the privileged CI environment with access to GITHUB_TOKEN and repository secrets. The attack is triggerable by any external contributor who can open a pull request, provided a maintainer applies the regenerate-migrations label, potentially leading to secret exfiltration, repository compromise, and supply chain attacks. A patch for this issue is expected to be released in version 2.1.1.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/OWASP-BLT/BLT/security/advisor… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40316",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T14:17:42.666326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T14:18:12.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BLT",
"vendor": "OWASP-BLT",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with full GITHUB_TOKEN write permissions, copies attacker-controlled files from untrusted pull requests into the trusted runner workspace via git show, and then executes python manage.py makemigrations, which imports Django model modules including attacker-controlled website/models.py at runtime. Any module-level Python code in the attacker\u0027s models.py is executed during import, enabling arbitrary code execution in the privileged CI environment with access to GITHUB_TOKEN and repository secrets. The attack is triggerable by any external contributor who can open a pull request, provided a maintainer applies the regenerate-migrations label, potentially leading to secret exfiltration, repository compromise, and supply chain attacks. A patch for this issue is expected to be released in version 2.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T22:49:18.636Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OWASP-BLT/BLT/security/advisories/GHSA-wxm3-64fx-cmx9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OWASP-BLT/BLT/security/advisories/GHSA-wxm3-64fx-cmx9"
}
],
"source": {
"advisory": "GHSA-wxm3-64fx-cmx9",
"discovery": "UNKNOWN"
},
"title": "OWASP BLT has RCE in Github Actions via untrusted Django model execution in workflow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40316",
"datePublished": "2026-04-15T22:49:18.636Z",
"dateReserved": "2026-04-10T21:41:54.505Z",
"dateUpdated": "2026-04-16T14:18:12.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33691 (GCVE-0-2026-33691)
Vulnerability from nvd – Published: 2026-04-02 15:03 – Updated: 2026-04-18 19:16
VLAI
EPSS
VEX
Title
OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks
Summary
The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions (.php, .phar, .jsp, .jspx) by inserting whitespace padding in the filename (e.g. photo. php or shell.jsp ). The affected rules do not normalize whitespace before evaluating the file extension regex, so the dot-extension check fails to match. This issue has been patched in versions 3.3.9 and 4.25.0.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-178 - Improper Handling of Case Sensitivity
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://github.com/coreruleset/coreruleset/securi… | x_refsource_CONFIRM |
| https://github.com/coreruleset/coreruleset/pull/4546 | x_refsource_MISC |
| https://github.com/coreruleset/coreruleset/pull/4547 | x_refsource_MISC |
| https://github.com/coreruleset/coreruleset/pull/4548 | x_refsource_MISC |
| https://github.com/coreruleset/coreruleset/commit… | x_refsource_MISC |
| https://github.com/coreruleset/coreruleset/releas… | x_refsource_MISC |
| https://github.com/coreruleset/coreruleset/releas… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2026/03/29/2 | |
| http://seclists.org/fulldisclosure/2026/Apr/0 | |
| http://www.openwall.com/lists/oss-security/2026/04/18/4 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| coreruleset | coreruleset |
Affected:
< 3.3.9
Affected: >= 4.0.0-rc1, < 4.25.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-18T19:16:54.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/29/2"
},
{
"url": "http://seclists.org/fulldisclosure/2026/Apr/0"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/18/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T17:38:01.007742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T17:38:10.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "coreruleset",
"vendor": "coreruleset",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.9"
},
{
"status": "affected",
"version": "\u003e= 4.0.0-rc1, \u003c 4.25.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions (.php, .phar, .jsp, .jspx) by inserting whitespace padding in the filename (e.g. photo. php or shell.jsp ). The affected rules do not normalize whitespace before evaluating the file extension regex, so the dot-extension check fails to match. This issue has been patched in versions 3.3.9 and 4.25.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-178",
"description": "CWE-178: Improper Handling of Case Sensitivity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T15:03:52.126Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w"
},
{
"name": "https://github.com/coreruleset/coreruleset/pull/4546",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/pull/4546"
},
{
"name": "https://github.com/coreruleset/coreruleset/pull/4547",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/pull/4547"
},
{
"name": "https://github.com/coreruleset/coreruleset/pull/4548",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/pull/4548"
},
{
"name": "https://github.com/coreruleset/coreruleset/commit/2a8c63512811c5dd74472becebb79a783e68ff02",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/commit/2a8c63512811c5dd74472becebb79a783e68ff02"
},
{
"name": "https://github.com/coreruleset/coreruleset/releases/tag/v3.3.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/releases/tag/v3.3.9"
},
{
"name": "https://github.com/coreruleset/coreruleset/releases/tag/v4.25.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/releases/tag/v4.25.0"
}
],
"source": {
"advisory": "GHSA-rw5f-9w43-gv2w",
"discovery": "UNKNOWN"
},
"title": "OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33691",
"datePublished": "2026-04-02T15:03:52.126Z",
"dateReserved": "2026-03-23T16:34:59.932Z",
"dateUpdated": "2026-04-18T19:16:54.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3816 (GCVE-0-2026-3816)
Vulnerability from nvd – Published: 2026-03-09 11:02 – Updated: 2026-03-09 17:25 X_Open Source
VLAI
EPSS
VEX
Title
OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service
Summary
A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.56.0 is able to resolve this issue. The identifier of the patch is e8f1e5131535b8fd80a7b1b3085d676295fdcd41. Upgrading the affected component is recommended.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-404 - Denial of Service
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.349782 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.349782 | signaturepermissions-required |
| https://vuldb.com/?submit.769524 | third-party-advisory |
| https://github.com/henrrrychau/cve-bug-bounty/blo… | related |
| https://github.com/DefectDojo/django-DefectDojo/p… | issue-trackingpatch |
| https://github.com/henrrrychau/cve-bug-bounty/blo… | exploit |
| https://github.com/DefectDojo/django-DefectDojo/c… | patch |
| https://github.com/DefectDojo/django-DefectDojo/r… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OWASP | DefectDojo |
Affected:
2.55.0
Affected: 2.55.1 Affected: 2.55.2 Affected: 2.55.3 Affected: 2.55.4 Unaffected: 2.56.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3816",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T17:25:13.478167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T17:25:37.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"SonarQubeParser/MSDefenderParser"
],
"product": "DefectDojo",
"vendor": "OWASP",
"versions": [
{
"status": "affected",
"version": "2.55.0"
},
{
"status": "affected",
"version": "2.55.1"
},
{
"status": "affected",
"version": "2.55.2"
},
{
"status": "affected",
"version": "2.55.3"
},
{
"status": "affected",
"version": "2.55.4"
},
{
"status": "unaffected",
"version": "2.56.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "h3nrrrych4u (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.56.0 is able to resolve this issue. The identifier of the patch is e8f1e5131535b8fd80a7b1b3085d676295fdcd41. Upgrading the affected component is recommended."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T11:02:10.662Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349782 | OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349782"
},
{
"name": "VDB-349782 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349782"
},
{
"name": "Submit #769524 | OWASP DefectDojo \u003c= 2.55.4 Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769524"
},
{
"tags": [
"related"
],
"url": "https://github.com/henrrrychau/cve-bug-bounty/blob/main/dfdj_zip_bomb_dos_oom/dfdj_zip_bomb_dos_oom.md"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/DefectDojo/django-DefectDojo/pull/14408"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/henrrrychau/cve-bug-bounty/blob/main/dfdj_zip_bomb_dos_oom/dfdj_zip_bomb_dos_oom.md#supporting-materialreferences"
},
{
"tags": [
"patch"
],
"url": "https://github.com/DefectDojo/django-DefectDojo/commit/e8f1e5131535b8fd80a7b1b3085d676295fdcd41"
},
{
"tags": [
"patch"
],
"url": "https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.56.0"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-03-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-08T18:28:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3816",
"datePublished": "2026-03-09T11:02:10.662Z",
"dateReserved": "2026-03-08T17:23:16.744Z",
"dateUpdated": "2026-03-09T17:25:37.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21876 (GCVE-0-2026-21876)
Vulnerability from nvd – Published: 2026-01-08 13:55 – Updated: 2026-04-09 15:41
VLAI
EPSS
VEX
Title
OWASP CRS has multipart bypass using multiple content-type parts
Summary
The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with each iteration. Only the last captured value is available to the chained rule, which means malicious charsets in earlier parts can be missed if a later part has a legitimate charset. Versions 4.22.0 and 3.3.8 patch the issue.
Severity
9.3 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-794 - Incomplete Filtering of Multiple Instances of Special Elements
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/coreruleset/coreruleset/securi… | x_refsource_CONFIRM |
| https://github.com/coreruleset/coreruleset/commit… | x_refsource_MISC |
| https://github.com/coreruleset/coreruleset/commit… | x_refsource_MISC |
| https://github.com/coreruleset/coreruleset/releas… | x_refsource_MISC |
| https://github.com/coreruleset/coreruleset/releas… | x_refsource_MISC |
| https://github.com/daytriftnewgen/CVE-2026-21876 | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| coreruleset | coreruleset |
Affected:
< 4.22.0
Affected: < 3.3.8 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T14:52:48.615550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T15:41:17.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/daytriftnewgen/CVE-2026-21876"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "coreruleset",
"vendor": "coreruleset",
"versions": [
{
"status": "affected",
"version": "\u003c 4.22.0"
},
{
"status": "affected",
"version": "\u003c 3.3.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with each iteration. Only the last captured value is available to the chained rule, which means malicious charsets in earlier parts can be missed if a later part has a legitimate charset. Versions 4.22.0 and 3.3.8 patch the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-794",
"description": "CWE-794: Incomplete Filtering of Multiple Instances of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T13:55:37.102Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coreruleset/coreruleset/security/advisories/GHSA-36fv-25j3-r2c5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coreruleset/coreruleset/security/advisories/GHSA-36fv-25j3-r2c5"
},
{
"name": "https://github.com/coreruleset/coreruleset/commit/80d80473abf71bd49bf6d3c1ab221e3c74e4eb83",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/commit/80d80473abf71bd49bf6d3c1ab221e3c74e4eb83"
},
{
"name": "https://github.com/coreruleset/coreruleset/commit/9917985de09a6cf38b3261faf9105e909d67a7d6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/commit/9917985de09a6cf38b3261faf9105e909d67a7d6"
},
{
"name": "https://github.com/coreruleset/coreruleset/releases/tag/v3.3.8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/releases/tag/v3.3.8"
},
{
"name": "https://github.com/coreruleset/coreruleset/releases/tag/v4.22.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/releases/tag/v4.22.0"
}
],
"source": {
"advisory": "GHSA-36fv-25j3-r2c5",
"discovery": "UNKNOWN"
},
"title": "OWASP CRS has multipart bypass using multiple content-type parts"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21876",
"datePublished": "2026-01-08T13:55:37.102Z",
"dateReserved": "2026-01-05T17:24:36.927Z",
"dateUpdated": "2026-04-09T15:41:17.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66022 (GCVE-0-2025-66022)
Vulnerability from nvd – Published: 2025-11-26 02:08 – Updated: 2025-11-26 15:13
VLAI
EPSS
VEX
Title
FACTION Unauthenticated Custom Extension Upload leads to RCE
Summary
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote code execution (RCE) on the host running Faction. Due to a missing authentication check on the /portal/AppStoreDashboard endpoint, an attacker can access the extension management UI and upload a malicious extension without any authentication, making this vulnerability exploitable by unauthenticated users. This issue has been patched in version 1.7.1.
Severity
9.7 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/factionsecurity/faction/securi… | x_refsource_CONFIRM |
| https://github.com/factionsecurity/faction/commit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| factionsecurity | faction |
Affected:
< 1.7.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66022",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T15:13:38.733818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T15:13:42.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/factionsecurity/faction/security/advisories/GHSA-xr72-2g43-586w"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "faction",
"vendor": "factionsecurity",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction\u2019s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote code execution (RCE) on the host running Faction. Due to a missing authentication check on the /portal/AppStoreDashboard endpoint, an attacker can access the extension management UI and upload a malicious extension without any authentication, making this vulnerability exploitable by unauthenticated users. This issue has been patched in version 1.7.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.7,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T02:08:14.805Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/factionsecurity/faction/security/advisories/GHSA-xr72-2g43-586w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/factionsecurity/faction/security/advisories/GHSA-xr72-2g43-586w"
},
{
"name": "https://github.com/factionsecurity/faction/commit/c6389f1c76175b7c1c68d1a87b389311b16c62c3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/factionsecurity/faction/commit/c6389f1c76175b7c1c68d1a87b389311b16c62c3"
}
],
"source": {
"advisory": "GHSA-xr72-2g43-586w",
"discovery": "UNKNOWN"
},
"title": "FACTION Unauthenticated Custom Extension Upload leads to RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66022",
"datePublished": "2025-11-26T02:08:14.805Z",
"dateReserved": "2025-11-21T01:08:02.613Z",
"dateUpdated": "2025-11-26T15:13:42.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66021 (GCVE-0-2025-66021)
Vulnerability from nvd – Published: 2025-11-26 01:53 – Updated: 2025-11-26 15:16
VLAI
EPSS
VEX
Title
OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization
Summary
OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1, OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style tags with allowTextIn inside the style tag. This could lead to XSS if the payload is crafted in such a way that it does not sanitise the CSS and allows tags which is not mentioned in HTML policy. At time of publication no known patch is available.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/OWASP/java-html-sanitizer/secu… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OWASP | java-html-sanitizer |
Affected:
= 20240325.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66021",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T15:15:53.738095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T15:16:17.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/OWASP/java-html-sanitizer/security/advisories/GHSA-g9gq-3pfx-2gw2"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "java-html-sanitizer",
"vendor": "OWASP",
"versions": [
{
"status": "affected",
"version": "= 20240325.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1, OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style tags with allowTextIn inside the style tag. This could lead to XSS if the payload is crafted in such a way that it does not sanitise the CSS and allows tags which is not mentioned in HTML policy. At time of publication no known patch is available."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T01:53:37.578Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OWASP/java-html-sanitizer/security/advisories/GHSA-g9gq-3pfx-2gw2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OWASP/java-html-sanitizer/security/advisories/GHSA-g9gq-3pfx-2gw2"
}
],
"source": {
"advisory": "GHSA-g9gq-3pfx-2gw2",
"discovery": "UNKNOWN"
},
"title": "OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66021",
"datePublished": "2025-11-26T01:53:37.578Z",
"dateReserved": "2025-11-21T01:08:02.613Z",
"dateUpdated": "2025-11-26T15:16:17.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54571 (GCVE-0-2025-54571)
Vulnerability from nvd – Published: 2025-08-05 23:39 – Updated: 2025-11-03 18:13
VLAI
EPSS
VEX
Title
ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure
Summary
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11
and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrated the potential for XSS and arbitrary script source code disclosure in the latest version of mod_security2. This issue is fixed in version 2.9.12.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-252 - Unchecked Return Value
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_CONFIRM |
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_MISC |
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| owasp-modsecurity | ModSecurity |
Affected:
< 2.9.12
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54571",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T20:31:25.327927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T20:31:40.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-cg44-9m43-3f9v"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:36.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ModSecurity",
"vendor": "owasp-modsecurity",
"versions": [
{
"status": "affected",
"version": "\u003c 2.9.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11\nand below, an attacker can override the HTTP response\u2019s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrated the potential for XSS and arbitrary script source code disclosure in the latest version of mod_security2. This issue is fixed in version 2.9.12."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252: Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T23:39:40.712Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-cg44-9m43-3f9v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-cg44-9m43-3f9v"
},
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/issues/2514",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/issues/2514"
},
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/commit/6d7e8eb18f2d7d368fb8e29516fcdeaeb8d349b8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/commit/6d7e8eb18f2d7d368fb8e29516fcdeaeb8d349b8"
}
],
"source": {
"advisory": "GHSA-cg44-9m43-3f9v",
"discovery": "UNKNOWN"
},
"title": "ModSecurity\u0027s Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54571",
"datePublished": "2025-08-05T23:39:40.712Z",
"dateReserved": "2025-07-25T16:19:16.090Z",
"dateUpdated": "2025-11-03T18:13:36.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48866 (GCVE-0-2025-48866)
Vulnerability from nvd – Published: 2025-06-02 15:46 – Updated: 2025-06-09 15:03
VLAI
EPSS
VEX
Title
ModSecurity has possible DoS vulnerability in sanitiseArg action
Summary
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1050 - Excessive Platform Resource Consumption within a Loop
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_CONFIRM |
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_MISC |
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_MISC |
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| owasp-modsecurity | ModSecurity |
Affected:
< 2.9.10
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48866",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T15:52:43.836965Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:54:25.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-06-09T15:03:29.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ModSecurity",
"vendor": "owasp-modsecurity",
"versions": [
{
"status": "affected",
"version": "\u003c 2.9.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1050",
"description": "CWE-1050: Excessive Platform Resource Consumption within a Loop",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:46:19.909Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-f82j-8pp7-cw2w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-f82j-8pp7-cw2w"
},
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r"
},
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/commit/3a54ccea62d3f7151bb08cb78d60c5e90b53ca2e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/commit/3a54ccea62d3f7151bb08cb78d60c5e90b53ca2e"
},
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#sanitisearg",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#sanitisearg"
}
],
"source": {
"advisory": "GHSA-f82j-8pp7-cw2w",
"discovery": "UNKNOWN"
},
"title": "ModSecurity has possible DoS vulnerability in sanitiseArg action"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48866",
"datePublished": "2025-06-02T15:46:19.909Z",
"dateReserved": "2025-05-27T20:14:34.294Z",
"dateUpdated": "2025-06-09T15:03:29.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48171 (GCVE-0-2023-48171)
Vulnerability from nvd – Published: 2024-08-12 00:00 – Updated: 2024-08-13 18:29
VLAI
EPSS
VEX
Summary
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| owasp | defectdojo |
Affected:
0 , < 1.5.3.1
(custom)
cpe:2.3:a:owasp:defectdojo:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:owasp:defectdojo:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "defectdojo",
"vendor": "owasp",
"versions": [
{
"lessThan": "1.5.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-48171",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T18:26:08.493674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T18:29:24.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T19:16:16.417Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gccybermonks.com/posts/defectdojo/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48171",
"datePublished": "2024-08-12T00:00:00.000Z",
"dateReserved": "2023-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-13T18:29:24.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1019 (GCVE-0-2024-1019)
Vulnerability from nvd – Published: 2024-01-30 16:09 – Updated: 2025-06-17 21:29
VLAI
EPSS
VEX
Title
WAF bypass of the ModSecurity v3 release line
Summary
ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OWASP ModSecurity | ModSecurity |
Affected:
3.0.0 , ≤ 3.0.11
(patch)
|
Date Public
2024-01-30 15:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34KDQNZE2RS3CWFG5654LNHKXXDPIW5I/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K6ZGABPJK2JPVH2JDFHZ5LQLWGONUH7V/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-31T16:02:00.926887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:18.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://modsecurity.digitalwave.hu",
"defaultStatus": "unaffected",
"product": "ModSecurity",
"repo": "https://github.com/owasp-modsecurity/ModSecurity",
"vendor": "OWASP ModSecurity",
"versions": [
{
"lessThanOrEqual": "3.0.11",
"status": "affected",
"version": "3.0.0",
"versionType": "patch"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For this vulnerability to be exploitable, the application has to use path components of the URI to construct queries, such as SQL queries or shell script sequence. Both are considered risky behaviors.\u003cbr\u003e"
}
],
"value": "For this vulnerability to be exploitable, the application has to use path components of the URI to construct queries, such as SQL queries or shell script sequence. Both are considered risky behaviors."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Menin @AndreaTheMiddle \u003chttps://github.com/theMiddleBlue\u003e"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Matteo Pace @M4tteoP \u003chttps://github.com/M4tteoP\u003e"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Max Leske \u003chttps://github.com/theseion\u003e"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ervin Heged\u00fcs @airween \u003chttps://github.com/airween\u003e"
}
],
"datePublic": "2024-01-30T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-152",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-152"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T02:06:01.785Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"url": "https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34KDQNZE2RS3CWFG5654LNHKXXDPIW5I/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K6ZGABPJK2JPVH2JDFHZ5LQLWGONUH7V/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to ModSecurity 3.0.12.\u003cbr\u003e"
}
],
"value": "Upgrade to ModSecurity 3.0.12."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-11-13T00:00:00.000Z",
"value": "OWASP CRS submits report to Trustwave Spiderlabs, includes SQLi proof of concept"
},
{
"lang": "en",
"time": "2023-11-14T00:00:00.000Z",
"value": "Trustwave Spiderlabs acknowledges report, promises investigation"
},
{
"lang": "en",
"time": "2023-11-28T00:00:00.000Z",
"value": "OWASP CRS asks for update"
},
{
"lang": "en",
"time": "2023-11-29T00:00:00.000Z",
"value": "Trustwave Spiderlabs rejects report, describes it as anomaly without security impact"
},
{
"lang": "en",
"time": "2023-12-01T00:00:00.000Z",
"value": "OWASP CRS reiterates previously shared SQLi proof of concept"
},
{
"lang": "en",
"time": "2023-12-01T00:00:00.000Z",
"value": "Trustwave Spiderlabs acknowledges security impact"
},
{
"lang": "en",
"time": "2023-12-04T00:00:00.000Z",
"value": "OWASP CRS shares XSS proof of concept"
},
{
"lang": "en",
"time": "2023-12-07T00:00:00.000Z",
"value": "Trustwave Spiderlabs promises security release early in the new year"
},
{
"lang": "en",
"time": "2024-01-02T00:00:00.000Z",
"value": "OWASP CRS asks for update"
},
{
"lang": "en",
"time": "2024-01-03T00:00:00.000Z",
"value": "Trustwave Spiderlabs announces preview patch by Jan 12, release in the week of Jan 22"
},
{
"lang": "en",
"time": "2024-01-12T00:00:00.000Z",
"value": "Trustwave Spiderlabs shares preview patch with primary contact from OWASP CRS"
},
{
"lang": "en",
"time": "2024-01-22T00:00:00.000Z",
"value": "OWASP CRS confirms preview patch fixes vulnerability"
},
{
"lang": "en",
"time": "2024-01-24T00:00:00.000Z",
"value": "Trustwave Spiderlabs announces transfer of ModSecurity project to OWASP for 2023-01-25"
},
{
"lang": "en",
"time": "2024-01-25T00:00:00.000Z",
"value": "Trustwave Spiderlabs transfers ModSecurity repository to OWASP"
},
{
"lang": "en",
"time": "2024-01-25T00:00:00.000Z",
"value": "OWASP creates OWASP ModSecurity, assigns OWASP ModSecurity production level, primary contact from OWASP CRS becomes OWASP ModSecurity co-lead"
},
{
"lang": "en",
"time": "2024-01-26T00:00:00.000Z",
"value": "OWASP ModSecurity leaders decide to release on 2023-01-30"
},
{
"lang": "en",
"time": "2024-01-27T00:00:00.000Z",
"value": "OWASP ModSecurity creates GPG to sign upcoming release, shares via public key servers"
},
{
"lang": "en",
"time": "2024-01-29T00:00:00.000Z",
"value": "NCSC-CH assigns CVE 2024-1019, advisory text and release notes are being prepared, planned release procedure is discussed with Trustwave Spiderlabs"
},
{
"lang": "en",
"time": "2024-01-30T00:00:00.000Z",
"value": "OWASP ModSecurity Release 3.0.12"
}
],
"title": "WAF bypass of the ModSecurity v3 release line",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003e\u003cspan style=\"background-color: transparent;\"\u003eModSecurity v3\u2019s REQUEST_URI_RAW variable contains the full URI and is unaffected by the URL decoding step. \u003c/span\u003eIt is therefore possible to use the REQUEST_URI_RAW variable to derive all other required variables correctly, including performing any required URL decoding.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "ModSecurity v3\u2019s REQUEST_URI_RAW variable contains the full URI and is unaffected by the URL decoding step. It is therefore possible to use the REQUEST_URI_RAW variable to derive all other required variables correctly, including performing any required URL decoding."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2024-1019",
"datePublished": "2024-01-30T16:09:42.428Z",
"dateReserved": "2024-01-29T10:28:35.711Z",
"dateUpdated": "2025-06-17T21:29:18.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23686 (GCVE-0-2024-23686)
Vulnerability from nvd – Published: 2024-01-19 21:12 – Updated: 2026-06-23 16:13
VLAI
EPSS
VEX
Title
DependencyCheck Debug Mode Logging of NVD API Key
Summary
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/jeremylong/DependencyCheck/sec… | vendor-advisory |
| https://github.com/advisories/GHSA-qqhq-8r2c-c3f5 | vendor-advisory |
| https://vulncheck.com/advisories/vc-advisory-GHSA… | third-party-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-qqhq-8r2c-c3f5"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23686",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T20:19:37.408879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T15:00:19.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.owasp:dependency-check-maven",
"versions": [
{
"lessThanOrEqual": "9.0.6",
"status": "affected",
"version": "9.0.0",
"versionType": "maven"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.owasp:dependency-check-cli",
"versions": [
{
"lessThanOrEqual": "9.0.5",
"status": "affected",
"version": "9.0.0",
"versionType": "maven"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.owasp:dependency-check-ant",
"versions": [
{
"lessThanOrEqual": "9.0.5",
"status": "affected",
"version": "9.0.0",
"versionType": "maven"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:ant:*:*",
"versionEndIncluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:cli:*:*",
"versionEndIncluding": "9.0.5",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:maven:*:*",
"versionEndIncluding": "9.0.5",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.\u003c/p\u003e"
}
],
"value": "DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T16:13:17.556Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/advisories/GHSA-qqhq-8r2c-c3f5"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "DependencyCheck Debug Mode Logging of NVD API Key",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-23686",
"datePublished": "2024-01-19T21:12:13.288Z",
"dateReserved": "2024-01-19T17:35:09.985Z",
"dateUpdated": "2026-06-23T16:13:17.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-38285 (GCVE-0-2023-38285)
Vulnerability from nvd – Published: 2023-07-26 00:00 – Updated: 2024-10-23 15:42
VLAI
EPSS
VEX
Summary
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:12.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38285",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T15:41:59.518968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T15:42:14.669Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-26T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/"
},
{
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38285",
"datePublished": "2023-07-26T00:00:00.000Z",
"dateReserved": "2023-07-14T00:00:00.000Z",
"dateUpdated": "2024-10-23T15:42:14.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38199 (GCVE-0-2023-38199)
Vulnerability from nvd – Published: 2023-07-13 00:00 – Updated: 2024-10-30 18:55
VLAI
EPSS
VEX
Summary
coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the web application relies on only the last Content-Type header. Other platforms may reject the additional Content-Type header or merge conflicting headers, leading to detection as a malformed header.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/coreruleset/coreruleset/issues/3191"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/coreruleset/coreruleset/pull/3237"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38199",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T18:55:13.238873Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T18:55:24.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka \"Content-Type confusion\" between the WAF and the backend application. This occurs when the web application relies on only the last Content-Type header. Other platforms may reject the additional Content-Type header or merge conflicting headers, leading to detection as a malformed header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T03:08:41.028Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/coreruleset/coreruleset/issues/3191"
},
{
"url": "https://github.com/coreruleset/coreruleset/pull/3237"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38199",
"datePublished": "2023-07-13T00:00:00.000Z",
"dateReserved": "2023-07-13T00:00:00.000Z",
"dateUpdated": "2024-10-30T18:55:24.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-42268 (GCVE-0-2026-42268)
Vulnerability from cvelistv5 – Published: 2026-05-12 21:40 – Updated: 2026-05-14 12:34
VLAI
EPSS
VEX
Title
ModSecurity: Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators
Summary
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused by unsigned integer underflow in libmodsecurity3 if the user (administrator) uses a rule any of @verifySSN, @verifyCPF, or @verifySVNR. This vulnerability is fixed in 3.0.15.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| owasp-modsecurity | ModSecurity |
Affected:
>= 3.0.0, < 3.0.15
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42268",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T12:34:17.448480Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T12:34:20.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-vwr3-7x7g-7p9w"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ModSecurity",
"vendor": "owasp-modsecurity",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused by unsigned integer underflow in libmodsecurity3 if the user (administrator) uses a rule any of @verifySSN, @verifyCPF, or @verifySVNR. This vulnerability is fixed in 3.0.15."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T21:40:19.031Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-vwr3-7x7g-7p9w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-vwr3-7x7g-7p9w"
}
],
"source": {
"advisory": "GHSA-vwr3-7x7g-7p9w",
"discovery": "UNKNOWN"
},
"title": "ModSecurity: Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42268",
"datePublished": "2026-05-12T21:40:19.031Z",
"dateReserved": "2026-04-26T11:53:27.706Z",
"dateUpdated": "2026-05-14T12:34:20.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30923 (GCVE-0-2026-30923)
Vulnerability from cvelistv5 – Published: 2026-05-05 18:46 – Updated: 2026-05-05 19:21
VLAI
EPSS
VEX
Title
libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings
Summary
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a single character. An attacker can exploit this to crash worker processes, causing a denial of service. Service resumes once the attack stops as worker processes recover from the segfault. All versions before 3.0.15 of libModSecurity3 are affected. This has been patched in version 3.0.15.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_CONFIRM |
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| owasp-modsecurity | ModSecurity |
Affected:
< 3.0.15
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30923",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T19:20:55.329784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T19:21:08.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-qrjc-3jpc-3h2g"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ModSecurity",
"vendor": "owasp-modsecurity",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a single character. An attacker can exploit this to crash worker processes, causing a denial of service. Service resumes once the attack stops as worker processes recover from the segfault. All versions before 3.0.15 of libModSecurity3 are affected. This has been patched in version 3.0.15."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T18:46:03.201Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-qrjc-3jpc-3h2g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-qrjc-3jpc-3h2g"
},
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v3.0.15",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v3.0.15"
}
],
"source": {
"advisory": "GHSA-qrjc-3jpc-3h2g",
"discovery": "UNKNOWN"
},
"title": "libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30923",
"datePublished": "2026-05-05T18:46:03.201Z",
"dateReserved": "2026-03-07T16:40:05.884Z",
"dateUpdated": "2026-05-05T19:21:08.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40316 (GCVE-0-2026-40316)
Vulnerability from cvelistv5 – Published: 2026-04-15 22:49 – Updated: 2026-04-16 14:18
VLAI
EPSS
VEX
Title
OWASP BLT has RCE in Github Actions via untrusted Django model execution in workflow
Summary
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with full GITHUB_TOKEN write permissions, copies attacker-controlled files from untrusted pull requests into the trusted runner workspace via git show, and then executes python manage.py makemigrations, which imports Django model modules including attacker-controlled website/models.py at runtime. Any module-level Python code in the attacker's models.py is executed during import, enabling arbitrary code execution in the privileged CI environment with access to GITHUB_TOKEN and repository secrets. The attack is triggerable by any external contributor who can open a pull request, provided a maintainer applies the regenerate-migrations label, potentially leading to secret exfiltration, repository compromise, and supply chain attacks. A patch for this issue is expected to be released in version 2.1.1.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/OWASP-BLT/BLT/security/advisor… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40316",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T14:17:42.666326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T14:18:12.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BLT",
"vendor": "OWASP-BLT",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with full GITHUB_TOKEN write permissions, copies attacker-controlled files from untrusted pull requests into the trusted runner workspace via git show, and then executes python manage.py makemigrations, which imports Django model modules including attacker-controlled website/models.py at runtime. Any module-level Python code in the attacker\u0027s models.py is executed during import, enabling arbitrary code execution in the privileged CI environment with access to GITHUB_TOKEN and repository secrets. The attack is triggerable by any external contributor who can open a pull request, provided a maintainer applies the regenerate-migrations label, potentially leading to secret exfiltration, repository compromise, and supply chain attacks. A patch for this issue is expected to be released in version 2.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T22:49:18.636Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OWASP-BLT/BLT/security/advisories/GHSA-wxm3-64fx-cmx9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OWASP-BLT/BLT/security/advisories/GHSA-wxm3-64fx-cmx9"
}
],
"source": {
"advisory": "GHSA-wxm3-64fx-cmx9",
"discovery": "UNKNOWN"
},
"title": "OWASP BLT has RCE in Github Actions via untrusted Django model execution in workflow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40316",
"datePublished": "2026-04-15T22:49:18.636Z",
"dateReserved": "2026-04-10T21:41:54.505Z",
"dateUpdated": "2026-04-16T14:18:12.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33691 (GCVE-0-2026-33691)
Vulnerability from cvelistv5 – Published: 2026-04-02 15:03 – Updated: 2026-04-18 19:16
VLAI
EPSS
VEX
Title
OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks
Summary
The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions (.php, .phar, .jsp, .jspx) by inserting whitespace padding in the filename (e.g. photo. php or shell.jsp ). The affected rules do not normalize whitespace before evaluating the file extension regex, so the dot-extension check fails to match. This issue has been patched in versions 3.3.9 and 4.25.0.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-178 - Improper Handling of Case Sensitivity
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://github.com/coreruleset/coreruleset/securi… | x_refsource_CONFIRM |
| https://github.com/coreruleset/coreruleset/pull/4546 | x_refsource_MISC |
| https://github.com/coreruleset/coreruleset/pull/4547 | x_refsource_MISC |
| https://github.com/coreruleset/coreruleset/pull/4548 | x_refsource_MISC |
| https://github.com/coreruleset/coreruleset/commit… | x_refsource_MISC |
| https://github.com/coreruleset/coreruleset/releas… | x_refsource_MISC |
| https://github.com/coreruleset/coreruleset/releas… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2026/03/29/2 | |
| http://seclists.org/fulldisclosure/2026/Apr/0 | |
| http://www.openwall.com/lists/oss-security/2026/04/18/4 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| coreruleset | coreruleset |
Affected:
< 3.3.9
Affected: >= 4.0.0-rc1, < 4.25.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-18T19:16:54.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/29/2"
},
{
"url": "http://seclists.org/fulldisclosure/2026/Apr/0"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/18/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T17:38:01.007742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T17:38:10.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "coreruleset",
"vendor": "coreruleset",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.9"
},
{
"status": "affected",
"version": "\u003e= 4.0.0-rc1, \u003c 4.25.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions (.php, .phar, .jsp, .jspx) by inserting whitespace padding in the filename (e.g. photo. php or shell.jsp ). The affected rules do not normalize whitespace before evaluating the file extension regex, so the dot-extension check fails to match. This issue has been patched in versions 3.3.9 and 4.25.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-178",
"description": "CWE-178: Improper Handling of Case Sensitivity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T15:03:52.126Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w"
},
{
"name": "https://github.com/coreruleset/coreruleset/pull/4546",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/pull/4546"
},
{
"name": "https://github.com/coreruleset/coreruleset/pull/4547",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/pull/4547"
},
{
"name": "https://github.com/coreruleset/coreruleset/pull/4548",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/pull/4548"
},
{
"name": "https://github.com/coreruleset/coreruleset/commit/2a8c63512811c5dd74472becebb79a783e68ff02",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/commit/2a8c63512811c5dd74472becebb79a783e68ff02"
},
{
"name": "https://github.com/coreruleset/coreruleset/releases/tag/v3.3.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/releases/tag/v3.3.9"
},
{
"name": "https://github.com/coreruleset/coreruleset/releases/tag/v4.25.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/releases/tag/v4.25.0"
}
],
"source": {
"advisory": "GHSA-rw5f-9w43-gv2w",
"discovery": "UNKNOWN"
},
"title": "OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33691",
"datePublished": "2026-04-02T15:03:52.126Z",
"dateReserved": "2026-03-23T16:34:59.932Z",
"dateUpdated": "2026-04-18T19:16:54.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3816 (GCVE-0-2026-3816)
Vulnerability from cvelistv5 – Published: 2026-03-09 11:02 – Updated: 2026-03-09 17:25 X_Open Source
VLAI
EPSS
VEX
Title
OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service
Summary
A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.56.0 is able to resolve this issue. The identifier of the patch is e8f1e5131535b8fd80a7b1b3085d676295fdcd41. Upgrading the affected component is recommended.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-404 - Denial of Service
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.349782 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.349782 | signaturepermissions-required |
| https://vuldb.com/?submit.769524 | third-party-advisory |
| https://github.com/henrrrychau/cve-bug-bounty/blo… | related |
| https://github.com/DefectDojo/django-DefectDojo/p… | issue-trackingpatch |
| https://github.com/henrrrychau/cve-bug-bounty/blo… | exploit |
| https://github.com/DefectDojo/django-DefectDojo/c… | patch |
| https://github.com/DefectDojo/django-DefectDojo/r… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OWASP | DefectDojo |
Affected:
2.55.0
Affected: 2.55.1 Affected: 2.55.2 Affected: 2.55.3 Affected: 2.55.4 Unaffected: 2.56.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3816",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T17:25:13.478167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T17:25:37.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"SonarQubeParser/MSDefenderParser"
],
"product": "DefectDojo",
"vendor": "OWASP",
"versions": [
{
"status": "affected",
"version": "2.55.0"
},
{
"status": "affected",
"version": "2.55.1"
},
{
"status": "affected",
"version": "2.55.2"
},
{
"status": "affected",
"version": "2.55.3"
},
{
"status": "affected",
"version": "2.55.4"
},
{
"status": "unaffected",
"version": "2.56.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "h3nrrrych4u (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.56.0 is able to resolve this issue. The identifier of the patch is e8f1e5131535b8fd80a7b1b3085d676295fdcd41. Upgrading the affected component is recommended."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T11:02:10.662Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349782 | OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349782"
},
{
"name": "VDB-349782 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349782"
},
{
"name": "Submit #769524 | OWASP DefectDojo \u003c= 2.55.4 Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769524"
},
{
"tags": [
"related"
],
"url": "https://github.com/henrrrychau/cve-bug-bounty/blob/main/dfdj_zip_bomb_dos_oom/dfdj_zip_bomb_dos_oom.md"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/DefectDojo/django-DefectDojo/pull/14408"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/henrrrychau/cve-bug-bounty/blob/main/dfdj_zip_bomb_dos_oom/dfdj_zip_bomb_dos_oom.md#supporting-materialreferences"
},
{
"tags": [
"patch"
],
"url": "https://github.com/DefectDojo/django-DefectDojo/commit/e8f1e5131535b8fd80a7b1b3085d676295fdcd41"
},
{
"tags": [
"patch"
],
"url": "https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.56.0"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-03-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-08T18:28:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3816",
"datePublished": "2026-03-09T11:02:10.662Z",
"dateReserved": "2026-03-08T17:23:16.744Z",
"dateUpdated": "2026-03-09T17:25:37.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21876 (GCVE-0-2026-21876)
Vulnerability from cvelistv5 – Published: 2026-01-08 13:55 – Updated: 2026-04-09 15:41
VLAI
EPSS
VEX
Title
OWASP CRS has multipart bypass using multiple content-type parts
Summary
The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with each iteration. Only the last captured value is available to the chained rule, which means malicious charsets in earlier parts can be missed if a later part has a legitimate charset. Versions 4.22.0 and 3.3.8 patch the issue.
Severity
9.3 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-794 - Incomplete Filtering of Multiple Instances of Special Elements
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/coreruleset/coreruleset/securi… | x_refsource_CONFIRM |
| https://github.com/coreruleset/coreruleset/commit… | x_refsource_MISC |
| https://github.com/coreruleset/coreruleset/commit… | x_refsource_MISC |
| https://github.com/coreruleset/coreruleset/releas… | x_refsource_MISC |
| https://github.com/coreruleset/coreruleset/releas… | x_refsource_MISC |
| https://github.com/daytriftnewgen/CVE-2026-21876 | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| coreruleset | coreruleset |
Affected:
< 4.22.0
Affected: < 3.3.8 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T14:52:48.615550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T15:41:17.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/daytriftnewgen/CVE-2026-21876"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "coreruleset",
"vendor": "coreruleset",
"versions": [
{
"status": "affected",
"version": "\u003c 4.22.0"
},
{
"status": "affected",
"version": "\u003c 3.3.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with each iteration. Only the last captured value is available to the chained rule, which means malicious charsets in earlier parts can be missed if a later part has a legitimate charset. Versions 4.22.0 and 3.3.8 patch the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-794",
"description": "CWE-794: Incomplete Filtering of Multiple Instances of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T13:55:37.102Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coreruleset/coreruleset/security/advisories/GHSA-36fv-25j3-r2c5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coreruleset/coreruleset/security/advisories/GHSA-36fv-25j3-r2c5"
},
{
"name": "https://github.com/coreruleset/coreruleset/commit/80d80473abf71bd49bf6d3c1ab221e3c74e4eb83",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/commit/80d80473abf71bd49bf6d3c1ab221e3c74e4eb83"
},
{
"name": "https://github.com/coreruleset/coreruleset/commit/9917985de09a6cf38b3261faf9105e909d67a7d6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/commit/9917985de09a6cf38b3261faf9105e909d67a7d6"
},
{
"name": "https://github.com/coreruleset/coreruleset/releases/tag/v3.3.8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/releases/tag/v3.3.8"
},
{
"name": "https://github.com/coreruleset/coreruleset/releases/tag/v4.22.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreruleset/coreruleset/releases/tag/v4.22.0"
}
],
"source": {
"advisory": "GHSA-36fv-25j3-r2c5",
"discovery": "UNKNOWN"
},
"title": "OWASP CRS has multipart bypass using multiple content-type parts"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21876",
"datePublished": "2026-01-08T13:55:37.102Z",
"dateReserved": "2026-01-05T17:24:36.927Z",
"dateUpdated": "2026-04-09T15:41:17.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66022 (GCVE-0-2025-66022)
Vulnerability from cvelistv5 – Published: 2025-11-26 02:08 – Updated: 2025-11-26 15:13
VLAI
EPSS
VEX
Title
FACTION Unauthenticated Custom Extension Upload leads to RCE
Summary
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote code execution (RCE) on the host running Faction. Due to a missing authentication check on the /portal/AppStoreDashboard endpoint, an attacker can access the extension management UI and upload a malicious extension without any authentication, making this vulnerability exploitable by unauthenticated users. This issue has been patched in version 1.7.1.
Severity
9.7 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/factionsecurity/faction/securi… | x_refsource_CONFIRM |
| https://github.com/factionsecurity/faction/commit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| factionsecurity | faction |
Affected:
< 1.7.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66022",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T15:13:38.733818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T15:13:42.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/factionsecurity/faction/security/advisories/GHSA-xr72-2g43-586w"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "faction",
"vendor": "factionsecurity",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction\u2019s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote code execution (RCE) on the host running Faction. Due to a missing authentication check on the /portal/AppStoreDashboard endpoint, an attacker can access the extension management UI and upload a malicious extension without any authentication, making this vulnerability exploitable by unauthenticated users. This issue has been patched in version 1.7.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.7,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T02:08:14.805Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/factionsecurity/faction/security/advisories/GHSA-xr72-2g43-586w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/factionsecurity/faction/security/advisories/GHSA-xr72-2g43-586w"
},
{
"name": "https://github.com/factionsecurity/faction/commit/c6389f1c76175b7c1c68d1a87b389311b16c62c3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/factionsecurity/faction/commit/c6389f1c76175b7c1c68d1a87b389311b16c62c3"
}
],
"source": {
"advisory": "GHSA-xr72-2g43-586w",
"discovery": "UNKNOWN"
},
"title": "FACTION Unauthenticated Custom Extension Upload leads to RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66022",
"datePublished": "2025-11-26T02:08:14.805Z",
"dateReserved": "2025-11-21T01:08:02.613Z",
"dateUpdated": "2025-11-26T15:13:42.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66021 (GCVE-0-2025-66021)
Vulnerability from cvelistv5 – Published: 2025-11-26 01:53 – Updated: 2025-11-26 15:16
VLAI
EPSS
VEX
Title
OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization
Summary
OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1, OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style tags with allowTextIn inside the style tag. This could lead to XSS if the payload is crafted in such a way that it does not sanitise the CSS and allows tags which is not mentioned in HTML policy. At time of publication no known patch is available.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/OWASP/java-html-sanitizer/secu… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OWASP | java-html-sanitizer |
Affected:
= 20240325.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66021",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T15:15:53.738095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T15:16:17.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/OWASP/java-html-sanitizer/security/advisories/GHSA-g9gq-3pfx-2gw2"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "java-html-sanitizer",
"vendor": "OWASP",
"versions": [
{
"status": "affected",
"version": "= 20240325.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1, OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style tags with allowTextIn inside the style tag. This could lead to XSS if the payload is crafted in such a way that it does not sanitise the CSS and allows tags which is not mentioned in HTML policy. At time of publication no known patch is available."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T01:53:37.578Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OWASP/java-html-sanitizer/security/advisories/GHSA-g9gq-3pfx-2gw2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OWASP/java-html-sanitizer/security/advisories/GHSA-g9gq-3pfx-2gw2"
}
],
"source": {
"advisory": "GHSA-g9gq-3pfx-2gw2",
"discovery": "UNKNOWN"
},
"title": "OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66021",
"datePublished": "2025-11-26T01:53:37.578Z",
"dateReserved": "2025-11-21T01:08:02.613Z",
"dateUpdated": "2025-11-26T15:16:17.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54571 (GCVE-0-2025-54571)
Vulnerability from cvelistv5 – Published: 2025-08-05 23:39 – Updated: 2025-11-03 18:13
VLAI
EPSS
VEX
Title
ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure
Summary
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11
and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrated the potential for XSS and arbitrary script source code disclosure in the latest version of mod_security2. This issue is fixed in version 2.9.12.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-252 - Unchecked Return Value
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_CONFIRM |
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_MISC |
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| owasp-modsecurity | ModSecurity |
Affected:
< 2.9.12
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54571",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T20:31:25.327927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T20:31:40.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-cg44-9m43-3f9v"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:36.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ModSecurity",
"vendor": "owasp-modsecurity",
"versions": [
{
"status": "affected",
"version": "\u003c 2.9.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11\nand below, an attacker can override the HTTP response\u2019s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrated the potential for XSS and arbitrary script source code disclosure in the latest version of mod_security2. This issue is fixed in version 2.9.12."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252: Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T23:39:40.712Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-cg44-9m43-3f9v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-cg44-9m43-3f9v"
},
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/issues/2514",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/issues/2514"
},
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/commit/6d7e8eb18f2d7d368fb8e29516fcdeaeb8d349b8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/commit/6d7e8eb18f2d7d368fb8e29516fcdeaeb8d349b8"
}
],
"source": {
"advisory": "GHSA-cg44-9m43-3f9v",
"discovery": "UNKNOWN"
},
"title": "ModSecurity\u0027s Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54571",
"datePublished": "2025-08-05T23:39:40.712Z",
"dateReserved": "2025-07-25T16:19:16.090Z",
"dateUpdated": "2025-11-03T18:13:36.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48866 (GCVE-0-2025-48866)
Vulnerability from cvelistv5 – Published: 2025-06-02 15:46 – Updated: 2025-06-09 15:03
VLAI
EPSS
VEX
Title
ModSecurity has possible DoS vulnerability in sanitiseArg action
Summary
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1050 - Excessive Platform Resource Consumption within a Loop
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_CONFIRM |
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_MISC |
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_MISC |
| https://github.com/owasp-modsecurity/ModSecurity/… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| owasp-modsecurity | ModSecurity |
Affected:
< 2.9.10
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48866",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T15:52:43.836965Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:54:25.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-06-09T15:03:29.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ModSecurity",
"vendor": "owasp-modsecurity",
"versions": [
{
"status": "affected",
"version": "\u003c 2.9.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1050",
"description": "CWE-1050: Excessive Platform Resource Consumption within a Loop",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:46:19.909Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-f82j-8pp7-cw2w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-f82j-8pp7-cw2w"
},
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r"
},
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/commit/3a54ccea62d3f7151bb08cb78d60c5e90b53ca2e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/commit/3a54ccea62d3f7151bb08cb78d60c5e90b53ca2e"
},
{
"name": "https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#sanitisearg",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#sanitisearg"
}
],
"source": {
"advisory": "GHSA-f82j-8pp7-cw2w",
"discovery": "UNKNOWN"
},
"title": "ModSecurity has possible DoS vulnerability in sanitiseArg action"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48866",
"datePublished": "2025-06-02T15:46:19.909Z",
"dateReserved": "2025-05-27T20:14:34.294Z",
"dateUpdated": "2025-06-09T15:03:29.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48171 (GCVE-0-2023-48171)
Vulnerability from cvelistv5 – Published: 2024-08-12 00:00 – Updated: 2024-08-13 18:29
VLAI
EPSS
VEX
Summary
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| owasp | defectdojo |
Affected:
0 , < 1.5.3.1
(custom)
cpe:2.3:a:owasp:defectdojo:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:owasp:defectdojo:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "defectdojo",
"vendor": "owasp",
"versions": [
{
"lessThan": "1.5.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-48171",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T18:26:08.493674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T18:29:24.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T19:16:16.417Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gccybermonks.com/posts/defectdojo/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48171",
"datePublished": "2024-08-12T00:00:00.000Z",
"dateReserved": "2023-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-13T18:29:24.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1019 (GCVE-0-2024-1019)
Vulnerability from cvelistv5 – Published: 2024-01-30 16:09 – Updated: 2025-06-17 21:29
VLAI
EPSS
VEX
Title
WAF bypass of the ModSecurity v3 release line
Summary
ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OWASP ModSecurity | ModSecurity |
Affected:
3.0.0 , ≤ 3.0.11
(patch)
|
Date Public
2024-01-30 15:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34KDQNZE2RS3CWFG5654LNHKXXDPIW5I/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K6ZGABPJK2JPVH2JDFHZ5LQLWGONUH7V/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-31T16:02:00.926887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:18.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://modsecurity.digitalwave.hu",
"defaultStatus": "unaffected",
"product": "ModSecurity",
"repo": "https://github.com/owasp-modsecurity/ModSecurity",
"vendor": "OWASP ModSecurity",
"versions": [
{
"lessThanOrEqual": "3.0.11",
"status": "affected",
"version": "3.0.0",
"versionType": "patch"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For this vulnerability to be exploitable, the application has to use path components of the URI to construct queries, such as SQL queries or shell script sequence. Both are considered risky behaviors.\u003cbr\u003e"
}
],
"value": "For this vulnerability to be exploitable, the application has to use path components of the URI to construct queries, such as SQL queries or shell script sequence. Both are considered risky behaviors."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Menin @AndreaTheMiddle \u003chttps://github.com/theMiddleBlue\u003e"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Matteo Pace @M4tteoP \u003chttps://github.com/M4tteoP\u003e"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Max Leske \u003chttps://github.com/theseion\u003e"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ervin Heged\u00fcs @airween \u003chttps://github.com/airween\u003e"
}
],
"datePublic": "2024-01-30T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-152",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-152"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T02:06:01.785Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"url": "https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34KDQNZE2RS3CWFG5654LNHKXXDPIW5I/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K6ZGABPJK2JPVH2JDFHZ5LQLWGONUH7V/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to ModSecurity 3.0.12.\u003cbr\u003e"
}
],
"value": "Upgrade to ModSecurity 3.0.12."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-11-13T00:00:00.000Z",
"value": "OWASP CRS submits report to Trustwave Spiderlabs, includes SQLi proof of concept"
},
{
"lang": "en",
"time": "2023-11-14T00:00:00.000Z",
"value": "Trustwave Spiderlabs acknowledges report, promises investigation"
},
{
"lang": "en",
"time": "2023-11-28T00:00:00.000Z",
"value": "OWASP CRS asks for update"
},
{
"lang": "en",
"time": "2023-11-29T00:00:00.000Z",
"value": "Trustwave Spiderlabs rejects report, describes it as anomaly without security impact"
},
{
"lang": "en",
"time": "2023-12-01T00:00:00.000Z",
"value": "OWASP CRS reiterates previously shared SQLi proof of concept"
},
{
"lang": "en",
"time": "2023-12-01T00:00:00.000Z",
"value": "Trustwave Spiderlabs acknowledges security impact"
},
{
"lang": "en",
"time": "2023-12-04T00:00:00.000Z",
"value": "OWASP CRS shares XSS proof of concept"
},
{
"lang": "en",
"time": "2023-12-07T00:00:00.000Z",
"value": "Trustwave Spiderlabs promises security release early in the new year"
},
{
"lang": "en",
"time": "2024-01-02T00:00:00.000Z",
"value": "OWASP CRS asks for update"
},
{
"lang": "en",
"time": "2024-01-03T00:00:00.000Z",
"value": "Trustwave Spiderlabs announces preview patch by Jan 12, release in the week of Jan 22"
},
{
"lang": "en",
"time": "2024-01-12T00:00:00.000Z",
"value": "Trustwave Spiderlabs shares preview patch with primary contact from OWASP CRS"
},
{
"lang": "en",
"time": "2024-01-22T00:00:00.000Z",
"value": "OWASP CRS confirms preview patch fixes vulnerability"
},
{
"lang": "en",
"time": "2024-01-24T00:00:00.000Z",
"value": "Trustwave Spiderlabs announces transfer of ModSecurity project to OWASP for 2023-01-25"
},
{
"lang": "en",
"time": "2024-01-25T00:00:00.000Z",
"value": "Trustwave Spiderlabs transfers ModSecurity repository to OWASP"
},
{
"lang": "en",
"time": "2024-01-25T00:00:00.000Z",
"value": "OWASP creates OWASP ModSecurity, assigns OWASP ModSecurity production level, primary contact from OWASP CRS becomes OWASP ModSecurity co-lead"
},
{
"lang": "en",
"time": "2024-01-26T00:00:00.000Z",
"value": "OWASP ModSecurity leaders decide to release on 2023-01-30"
},
{
"lang": "en",
"time": "2024-01-27T00:00:00.000Z",
"value": "OWASP ModSecurity creates GPG to sign upcoming release, shares via public key servers"
},
{
"lang": "en",
"time": "2024-01-29T00:00:00.000Z",
"value": "NCSC-CH assigns CVE 2024-1019, advisory text and release notes are being prepared, planned release procedure is discussed with Trustwave Spiderlabs"
},
{
"lang": "en",
"time": "2024-01-30T00:00:00.000Z",
"value": "OWASP ModSecurity Release 3.0.12"
}
],
"title": "WAF bypass of the ModSecurity v3 release line",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003e\u003cspan style=\"background-color: transparent;\"\u003eModSecurity v3\u2019s REQUEST_URI_RAW variable contains the full URI and is unaffected by the URL decoding step. \u003c/span\u003eIt is therefore possible to use the REQUEST_URI_RAW variable to derive all other required variables correctly, including performing any required URL decoding.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "ModSecurity v3\u2019s REQUEST_URI_RAW variable contains the full URI and is unaffected by the URL decoding step. It is therefore possible to use the REQUEST_URI_RAW variable to derive all other required variables correctly, including performing any required URL decoding."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2024-1019",
"datePublished": "2024-01-30T16:09:42.428Z",
"dateReserved": "2024-01-29T10:28:35.711Z",
"dateUpdated": "2025-06-17T21:29:18.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23686 (GCVE-0-2024-23686)
Vulnerability from cvelistv5 – Published: 2024-01-19 21:12 – Updated: 2026-06-23 16:13
VLAI
EPSS
VEX
Title
DependencyCheck Debug Mode Logging of NVD API Key
Summary
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/jeremylong/DependencyCheck/sec… | vendor-advisory |
| https://github.com/advisories/GHSA-qqhq-8r2c-c3f5 | vendor-advisory |
| https://vulncheck.com/advisories/vc-advisory-GHSA… | third-party-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-qqhq-8r2c-c3f5"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23686",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T20:19:37.408879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T15:00:19.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.owasp:dependency-check-maven",
"versions": [
{
"lessThanOrEqual": "9.0.6",
"status": "affected",
"version": "9.0.0",
"versionType": "maven"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.owasp:dependency-check-cli",
"versions": [
{
"lessThanOrEqual": "9.0.5",
"status": "affected",
"version": "9.0.0",
"versionType": "maven"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.owasp:dependency-check-ant",
"versions": [
{
"lessThanOrEqual": "9.0.5",
"status": "affected",
"version": "9.0.0",
"versionType": "maven"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:ant:*:*",
"versionEndIncluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:cli:*:*",
"versionEndIncluding": "9.0.5",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:maven:*:*",
"versionEndIncluding": "9.0.5",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.\u003c/p\u003e"
}
],
"value": "DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T16:13:17.556Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/advisories/GHSA-qqhq-8r2c-c3f5"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "DependencyCheck Debug Mode Logging of NVD API Key",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-23686",
"datePublished": "2024-01-19T21:12:13.288Z",
"dateReserved": "2024-01-19T17:35:09.985Z",
"dateUpdated": "2026-06-23T16:13:17.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-38285 (GCVE-0-2023-38285)
Vulnerability from cvelistv5 – Published: 2023-07-26 00:00 – Updated: 2024-10-23 15:42
VLAI
EPSS
VEX
Summary
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:12.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38285",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T15:41:59.518968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T15:42:14.669Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-26T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/"
},
{
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38285",
"datePublished": "2023-07-26T00:00:00.000Z",
"dateReserved": "2023-07-14T00:00:00.000Z",
"dateUpdated": "2024-10-23T15:42:14.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38199 (GCVE-0-2023-38199)
Vulnerability from cvelistv5 – Published: 2023-07-13 00:00 – Updated: 2024-10-30 18:55
VLAI
EPSS
VEX
Summary
coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the web application relies on only the last Content-Type header. Other platforms may reject the additional Content-Type header or merge conflicting headers, leading to detection as a malformed header.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/coreruleset/coreruleset/issues/3191"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/coreruleset/coreruleset/pull/3237"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38199",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T18:55:13.238873Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T18:55:24.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka \"Content-Type confusion\" between the WAF and the backend application. This occurs when the web application relies on only the last Content-Type header. Other platforms may reject the additional Content-Type header or merge conflicting headers, leading to detection as a malformed header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T03:08:41.028Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/coreruleset/coreruleset/issues/3191"
},
{
"url": "https://github.com/coreruleset/coreruleset/pull/3237"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38199",
"datePublished": "2023-07-13T00:00:00.000Z",
"dateReserved": "2023-07-13T00:00:00.000Z",
"dateUpdated": "2024-10-30T18:55:24.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}