Vulnerability-Lookup

WID-SEC-W-2026-0438

Vulnerability from csaf_certbund - Published: 2026-02-17 23:00 - Updated: 2026-03-17 23:00

Summary

Atlassian Bamboo und Confluence (Data Center und Server): Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet. Confluence ist eine kommerzielle Wiki-Software.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Bamboo und Atlassian Confluence ausnutzen, um einen Denial of Service Angriff durchzuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen und Cross-Site-Scripting-Angriffe durchzuführen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2020-28469

Affected products

Known affected 7 products

Product	Identifier	Version	Remediation
Atlassian Confluence Data Center and Server <9.2.15 LTS Atlassian / Confluence		Data Center and Server <9.2.15 LTS
Atlassian Bitbucket <9.4.17 to 9.4.18 Atlassian / Bitbucket		<9.4.17 to 9.4.18
Atlassian Confluence Data Center and Server <10.2.3 LTS Atlassian / Confluence		Data Center and Server <10.2.3 LTS
Atlassian Bitbucket <10.1.5 Atlassian / Bitbucket		<10.1.5
Atlassian Confluence Data Center and Server <9.2.14 LTS Atlassian / Confluence		Data Center and Server <9.2.14 LTS
Atlassian Bitbucket <10.2.0 to 10.2.1 Atlassian / Bitbucket		<10.2.0 to 10.2.1
Atlassian Confluence Data Center and Server <10.2.6 LTS Atlassian / Confluence		Data Center and Server <10.2.6 LTS

CVE-2022-25883

Affected products

Known affected 7 products

Product	Identifier	Version	Remediation
Atlassian Confluence Data Center and Server <9.2.15 LTS Atlassian / Confluence		Data Center and Server <9.2.15 LTS
Atlassian Bitbucket <9.4.17 to 9.4.18 Atlassian / Bitbucket		<9.4.17 to 9.4.18
Atlassian Confluence Data Center and Server <10.2.3 LTS Atlassian / Confluence		Data Center and Server <10.2.3 LTS
Atlassian Bitbucket <10.1.5 Atlassian / Bitbucket		<10.1.5
Atlassian Confluence Data Center and Server <9.2.14 LTS Atlassian / Confluence		Data Center and Server <9.2.14 LTS
Atlassian Bitbucket <10.2.0 to 10.2.1 Atlassian / Bitbucket		<10.2.0 to 10.2.1
Atlassian Confluence Data Center and Server <10.2.6 LTS Atlassian / Confluence		Data Center and Server <10.2.6 LTS

CVE-2022-25927

Affected products

Known affected 7 products

Product	Identifier	Version	Remediation
Atlassian Confluence Data Center and Server <9.2.15 LTS Atlassian / Confluence		Data Center and Server <9.2.15 LTS
Atlassian Bitbucket <9.4.17 to 9.4.18 Atlassian / Bitbucket		<9.4.17 to 9.4.18
Atlassian Confluence Data Center and Server <10.2.3 LTS Atlassian / Confluence		Data Center and Server <10.2.3 LTS
Atlassian Bitbucket <10.1.5 Atlassian / Bitbucket		<10.1.5
Atlassian Confluence Data Center and Server <9.2.14 LTS Atlassian / Confluence		Data Center and Server <9.2.14 LTS
Atlassian Bitbucket <10.2.0 to 10.2.1 Atlassian / Bitbucket		<10.2.0 to 10.2.1
Atlassian Confluence Data Center and Server <10.2.6 LTS Atlassian / Confluence		Data Center and Server <10.2.6 LTS

CVE-2025-41249

Affected products

Known affected 7 products

Product	Identifier	Version	Remediation
Atlassian Confluence Data Center and Server <9.2.15 LTS Atlassian / Confluence		Data Center and Server <9.2.15 LTS
Atlassian Bitbucket <9.4.17 to 9.4.18 Atlassian / Bitbucket		<9.4.17 to 9.4.18
Atlassian Confluence Data Center and Server <10.2.3 LTS Atlassian / Confluence		Data Center and Server <10.2.3 LTS
Atlassian Bitbucket <10.1.5 Atlassian / Bitbucket		<10.1.5
Atlassian Confluence Data Center and Server <9.2.14 LTS Atlassian / Confluence		Data Center and Server <9.2.14 LTS
Atlassian Bitbucket <10.2.0 to 10.2.1 Atlassian / Bitbucket		<10.2.0 to 10.2.1
Atlassian Confluence Data Center and Server <10.2.6 LTS Atlassian / Confluence		Data Center and Server <10.2.6 LTS

CVE-2025-48976

Affected products

Known affected 7 products

Product	Identifier	Version	Remediation
Atlassian Confluence Data Center and Server <9.2.15 LTS Atlassian / Confluence		Data Center and Server <9.2.15 LTS
Atlassian Bitbucket <9.4.17 to 9.4.18 Atlassian / Bitbucket		<9.4.17 to 9.4.18
Atlassian Confluence Data Center and Server <10.2.3 LTS Atlassian / Confluence		Data Center and Server <10.2.3 LTS
Atlassian Bitbucket <10.1.5 Atlassian / Bitbucket		<10.1.5
Atlassian Confluence Data Center and Server <9.2.14 LTS Atlassian / Confluence		Data Center and Server <9.2.14 LTS
Atlassian Bitbucket <10.2.0 to 10.2.1 Atlassian / Bitbucket		<10.2.0 to 10.2.1
Atlassian Confluence Data Center and Server <10.2.6 LTS Atlassian / Confluence		Data Center and Server <10.2.6 LTS

CVE-2025-59343

Affected products

Known affected 7 products

Product	Identifier	Version	Remediation
Atlassian Confluence Data Center and Server <9.2.15 LTS Atlassian / Confluence		Data Center and Server <9.2.15 LTS
Atlassian Bitbucket <9.4.17 to 9.4.18 Atlassian / Bitbucket		<9.4.17 to 9.4.18
Atlassian Confluence Data Center and Server <10.2.3 LTS Atlassian / Confluence		Data Center and Server <10.2.3 LTS
Atlassian Bitbucket <10.1.5 Atlassian / Bitbucket		<10.1.5
Atlassian Confluence Data Center and Server <9.2.14 LTS Atlassian / Confluence		Data Center and Server <9.2.14 LTS
Atlassian Bitbucket <10.2.0 to 10.2.1 Atlassian / Bitbucket		<10.2.0 to 10.2.1
Atlassian Confluence Data Center and Server <10.2.6 LTS Atlassian / Confluence		Data Center and Server <10.2.6 LTS

CVE-2025-66021

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Atlassian Bitbucket <9.4.17 to 9.4.18 Atlassian / Bitbucket		<9.4.17 to 9.4.18
Atlassian Bitbucket <10.1.5 Atlassian / Bitbucket		<10.1.5
Atlassian Bitbucket <10.2.0 to 10.2.1 Atlassian / Bitbucket		<10.2.0 to 10.2.1
Atlassian Bamboo Data Center and Server <12.1.2 LTS Atlassian / Bamboo		Data Center and Server <12.1.2 LTS
Atlassian Bamboo Data Center and Server <10.2.14 Atlassian / Bamboo		Data Center and Server <10.2.14

References

8 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://confluence.atlassian.com/security/securit…	external
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-…	external
https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795	external
https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-…	external
https://github.com/OWASP/java-html-sanitizer/secu…	external
https://confluence.atlassian.com/security/securit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nConfluence ist eine kommerzielle Wiki-Software.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Bamboo und Atlassian Confluence ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen und Cross-Site-Scripting-Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0438 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0438.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0438 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0438"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin vom 2026-02-17",
        "url": "https://confluence.atlassian.com/security/security-bulletin-february-17-2026-1722256046.html"
      },
      {
        "category": "external",
        "summary": "PoC CVE-2020-28469 vom 2026-02-17",
        "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905"
      },
      {
        "category": "external",
        "summary": "PoC CVE-2022-25883 vom 2026-02-17",
        "url": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795"
      },
      {
        "category": "external",
        "summary": "PoC CVE-2022-25927 vom 2026-02-17",
        "url": "https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450"
      },
      {
        "category": "external",
        "summary": "PoC CVE-2025-66021 vom 2026-02-17",
        "url": "https://github.com/OWASP/java-html-sanitizer/security/advisories/GHSA-g9gq-3pfx-2gw2"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin - March 17 2026",
        "url": "https://confluence.atlassian.com/security/security-bulletin-march-17-2026-1721271371.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Atlassian Bamboo und Confluence (Data Center und Server): Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-17T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-18T12:13:12.877+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0438",
      "initial_release_date": "2026-02-17T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-17T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-03-17T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center and Server \u003c12.1.2 LTS",
                "product": {
                  "name": "Atlassian Bamboo Data Center and Server \u003c12.1.2 LTS",
                  "product_id": "T050961"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center and Server 12.1.2 LTS",
                "product": {
                  "name": "Atlassian Bamboo Data Center and Server 12.1.2 LTS",
                  "product_id": "T050961-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center_and_server__12.1.2_lts"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center and Server \u003c10.2.14",
                "product": {
                  "name": "Atlassian Bamboo Data Center and Server \u003c10.2.14",
                  "product_id": "T050962"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center and Server 10.2.14",
                "product": {
                  "name": "Atlassian Bamboo Data Center and Server 10.2.14",
                  "product_id": "T050962-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center_and_server__10.2.14"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bamboo"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.1.5",
                "product": {
                  "name": "Atlassian Bitbucket \u003c10.1.5",
                  "product_id": "T051833"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.5",
                "product": {
                  "name": "Atlassian Bitbucket 10.1.5",
                  "product_id": "T051833-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:10.1.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.2.0 to 10.2.1",
                "product": {
                  "name": "Atlassian Bitbucket \u003c10.2.0 to 10.2.1",
                  "product_id": "T051834"
                }
              },
              {
                "category": "product_version",
                "name": "10.2.0 to 10.2.1",
                "product": {
                  "name": "Atlassian Bitbucket 10.2.0 to 10.2.1",
                  "product_id": "T051834-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:10.2.0_to_10.2.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.4.17 to 9.4.18",
                "product": {
                  "name": "Atlassian Bitbucket \u003c9.4.17 to 9.4.18",
                  "product_id": "T051835"
                }
              },
              {
                "category": "product_version",
                "name": "9.4.17 to 9.4.18",
                "product": {
                  "name": "Atlassian Bitbucket 9.4.17 to 9.4.18",
                  "product_id": "T051835-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:9.4.17_to_9.4.18"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bitbucket"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center and Server \u003c10.2.6 LTS",
                "product": {
                  "name": "Atlassian Confluence Data Center and Server \u003c10.2.6 LTS",
                  "product_id": "T050963"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center and Server 10.2.6 LTS",
                "product": {
                  "name": "Atlassian Confluence Data Center and Server 10.2.6 LTS",
                  "product_id": "T050963-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center_and_server__10.2.6_lts"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center and Server \u003c10.2.3 LTS",
                "product": {
                  "name": "Atlassian Confluence Data Center and Server \u003c10.2.3 LTS",
                  "product_id": "T050964"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center and Server 10.2.3 LTS",
                "product": {
                  "name": "Atlassian Confluence Data Center and Server 10.2.3 LTS",
                  "product_id": "T050964-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center_and_server__10.2.3_lts"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center and Server \u003c9.2.15  LTS",
                "product": {
                  "name": "Atlassian Confluence Data Center and Server \u003c9.2.15  LTS",
                  "product_id": "T050965"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center and Server 9.2.15  LTS",
                "product": {
                  "name": "Atlassian Confluence Data Center and Server 9.2.15  LTS",
                  "product_id": "T050965-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center_and_server__9.2.15__lts"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center and Server \u003c9.2.14  LTS",
                "product": {
                  "name": "Atlassian Confluence Data Center and Server \u003c9.2.14  LTS",
                  "product_id": "T050966"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center and Server 9.2.14  LTS",
                "product": {
                  "name": "Atlassian Confluence Data Center and Server 9.2.14  LTS",
                  "product_id": "T050966-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center_and_server__9.2.14__lts"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-28469",
      "product_status": {
        "known_affected": [
          "T050965",
          "T051835",
          "T050964",
          "T051833",
          "T050966",
          "T051834",
          "T050963"
        ]
      },
      "release_date": "2026-02-17T23:00:00.000+00:00",
      "title": "CVE-2020-28469"
    },
    {
      "cve": "CVE-2022-25883",
      "product_status": {
        "known_affected": [
          "T050965",
          "T051835",
          "T050964",
          "T051833",
          "T050966",
          "T051834",
          "T050963"
        ]
      },
      "release_date": "2026-02-17T23:00:00.000+00:00",
      "title": "CVE-2022-25883"
    },
    {
      "cve": "CVE-2022-25927",
      "product_status": {
        "known_affected": [
          "T050965",
          "T051835",
          "T050964",
          "T051833",
          "T050966",
          "T051834",
          "T050963"
        ]
      },
      "release_date": "2026-02-17T23:00:00.000+00:00",
      "title": "CVE-2022-25927"
    },
    {
      "cve": "CVE-2025-41249",
      "product_status": {
        "known_affected": [
          "T050965",
          "T051835",
          "T050964",
          "T051833",
          "T050966",
          "T051834",
          "T050963"
        ]
      },
      "release_date": "2026-02-17T23:00:00.000+00:00",
      "title": "CVE-2025-41249"
    },
    {
      "cve": "CVE-2025-48976",
      "product_status": {
        "known_affected": [
          "T050965",
          "T051835",
          "T050964",
          "T051833",
          "T050966",
          "T051834",
          "T050963"
        ]
      },
      "release_date": "2026-02-17T23:00:00.000+00:00",
      "title": "CVE-2025-48976"
    },
    {
      "cve": "CVE-2025-59343",
      "product_status": {
        "known_affected": [
          "T050965",
          "T051835",
          "T050964",
          "T051833",
          "T050966",
          "T051834",
          "T050963"
        ]
      },
      "release_date": "2026-02-17T23:00:00.000+00:00",
      "title": "CVE-2025-59343"
    },
    {
      "cve": "CVE-2025-66021",
      "product_status": {
        "known_affected": [
          "T051835",
          "T051833",
          "T051834",
          "T050961",
          "T050962"
        ]
      },
      "release_date": "2026-02-17T23:00:00.000+00:00",
      "title": "CVE-2025-66021"
    }
  ]
}

CVE-2020-28469 (GCVE-0-2020-28469)

Vulnerability from cvelistv5 – Published: 2021-06-03 15:15 – Updated: 2024-09-16 18:43

Title

Regular Expression Denial of Service (ReDoS)

Summary

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

Regular Expression Denial of Service (ReDoS)

Assigner

snyk

References

7 references

URL	Tags
https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905	x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092	x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGIT…	x_refsource_MISC
https://github.com/gulpjs/glob-parent/blob/6ce8d1…	x_refsource_MISC
https://github.com/gulpjs/glob-parent/pull/36	x_refsource_MISC
https://github.com/gulpjs/glob-parent/releases/ta…	x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	glob-parent	Affected: unspecified , < 5.1.2 (custom)

Date Public

2021-06-03 00:00

Credits

Yeting Li

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:40:59.197Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/gulpjs/glob-parent/pull/36"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "glob-parent",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "5.1.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Yeting Li"
        }
      ],
      "datePublic": "2021-06-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Regular Expression Denial of Service (ReDoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-07T14:40:42.000Z",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gulpjs/glob-parent/pull/36"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        }
      ],
      "title": "Regular Expression Denial of Service (ReDoS)",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "report@snyk.io",
          "DATE_PUBLIC": "2021-06-03T15:14:03.687376Z",
          "ID": "CVE-2020-28469",
          "STATE": "PUBLIC",
          "TITLE": "Regular Expression Denial of Service (ReDoS)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "glob-parent",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.1.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Yeting Li"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Regular Expression Denial of Service (ReDoS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905",
              "refsource": "MISC",
              "url": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905"
            },
            {
              "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092",
              "refsource": "MISC",
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092"
            },
            {
              "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093",
              "refsource": "MISC",
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093"
            },
            {
              "name": "https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9",
              "refsource": "MISC",
              "url": "https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9"
            },
            {
              "name": "https://github.com/gulpjs/glob-parent/pull/36",
              "refsource": "MISC",
              "url": "https://github.com/gulpjs/glob-parent/pull/36"
            },
            {
              "name": "https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2",
              "refsource": "MISC",
              "url": "https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2020-28469",
    "datePublished": "2021-06-03T15:15:13.479Z",
    "dateReserved": "2020-11-12T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:43:30.050Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25883 (GCVE-0-2022-25883)

Vulnerability from cvelistv5 – Published: 2023-06-21 05:00 – Updated: 2024-12-06 16:55

Summary

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-1333 - Regular Expression Denial of Service (ReDoS)
CWE-1333 - Inefficient Regular Expression Complexity

Assigner

snyk

References

7 references

URL	Tags
https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795
https://github.com/npm/node-semver/blob/main/inte…
https://github.com/npm/node-semver/blob/main/inte…
https://github.com/npm/node-semver/blob/main/clas…
https://github.com/npm/node-semver/pull/564
https://github.com/npm/node-semver/commit/717534e…
https://security.netapp.com/advisory/ntap-2024102…

Impacted products

1 product

Vendor	Product	Version
n/a	semver	Affected: 0 , < 7.5.2 (semver)

Credits

Alessio Della Libera - Snyk Research Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:07:28.542Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/npm/node-semver/blob/main/internal/re.js%23L160"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/npm/node-semver/blob/main/internal/re.js%23L138"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/npm/node-semver/pull/564"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241025-0004/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25883",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-06T16:54:52.064322Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1333",
                "description": "CWE-1333 Inefficient Regular Expression Complexity",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-06T16:55:09.228Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "semver",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "7.5.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Alessio Della Libera - Snyk Research Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "Regular Expression Denial of Service (ReDoS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-21T05:00:03.352Z",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795"
        },
        {
          "url": "https://github.com/npm/node-semver/blob/main/internal/re.js%23L160"
        },
        {
          "url": "https://github.com/npm/node-semver/blob/main/internal/re.js%23L138"
        },
        {
          "url": "https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104"
        },
        {
          "url": "https://github.com/npm/node-semver/pull/564"
        },
        {
          "url": "https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2022-25883",
    "datePublished": "2023-06-21T05:00:03.352Z",
    "dateReserved": "2022-02-24T11:58:25.192Z",
    "dateUpdated": "2024-12-06T16:55:09.228Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25927 (GCVE-0-2022-25927)

Vulnerability from cvelistv5 – Published: 2023-01-25 05:00 – Updated: 2025-04-01 18:28

Summary

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-1333 - Regular Expression Denial of Service (ReDoS)
CWE-1333 - Inefficient Regular Expression Complexity

Assigner

snyk

References

2 references

URL	Tags
https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-…
https://github.com/faisalman/ua-parser-js/commit/…

Impacted products

1 product

Vendor	Product	Version
n/a	ua-parser-js	Affected: 0.7.30 , < 0.7.33 (semver) Affected: 0.8.1 , < 1.0.33 (semver)

Credits

Beau Harder

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:44.149Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25927",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-01T18:27:15.804522Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1333",
                "description": "CWE-1333 Inefficient Regular Expression Complexity",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-01T18:28:37.897Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ua-parser-js",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "0.7.33",
              "status": "affected",
              "version": "0.7.30",
              "versionType": "semver"
            },
            {
              "lessThan": "1.0.33",
              "status": "affected",
              "version": "0.8.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Beau Harder"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.\r\r"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "Regular Expression Denial of Service (ReDoS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-25T05:00:00.897Z",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450"
        },
        {
          "url": "https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2022-25927",
    "datePublished": "2023-01-25T05:00:00.897Z",
    "dateReserved": "2022-02-24T11:58:25.175Z",
    "dateUpdated": "2025-04-01T18:28:37.897Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-41249 (GCVE-0-2025-41249)

Vulnerability from cvelistv5 – Published: 2025-09-16 10:15 – Updated: 2025-09-16 19:29

Title

CVE-2025-41249: Spring Framework Annotation Detection Vulnerability

Summary

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature. You are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces. This CVE is published in conjunction with CVE-2025-41248 https://spring.io/security/cve-2025-41248 .

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-285 - Improper Authorization

Assigner

vmware

References

1 reference

URL	Tags
https://spring.io/security/cve-2025-41249

Impacted products

1 product

Vendor	Product	Version
VMware	Spring Framework	Affected: 6.2.x , < 6.2.11 (OSS) Affected: 6.1.x , < 6.1.23 (commercial) Affected: 5.3.x , < 5.3.45 (COMMERCIAL)

Date Public

2025-09-15 10:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41249",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-16T19:29:22.619095Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-285",
                "description": "CWE-285 Improper Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-16T19:29:37.532Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Spring Framework",
          "vendor": "VMware",
          "versions": [
            {
              "lessThan": "6.2.11",
              "status": "affected",
              "version": "6.2.x",
              "versionType": "OSS"
            },
            {
              "lessThan": "6.1.23",
              "status": "affected",
              "version": "6.1.x",
              "versionType": "commercial"
            },
            {
              "lessThan": "5.3.45",
              "status": "affected",
              "version": "5.3.x",
              "versionType": "COMMERCIAL"
            }
          ]
        }
      ],
      "datePublic": "2025-09-15T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions.\u003c/p\u003e\u003cp\u003eYour application may be affected by this if you are using Spring Security\u0027s \u003ccode\u003e@EnableMethodSecurity\u003c/code\u003e\u0026nbsp;feature.\u003c/p\u003e\u003cp\u003eYou are not affected by this if you are not using \u003ccode\u003e@EnableMethodSecurity\u003c/code\u003e\u0026nbsp;or if you do not use security annotations on methods in generic superclasses or generic interfaces.\u003c/p\u003e\u003cp\u003eThis CVE is published in conjunction with \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://spring.io/security/cve-2025-41248\"\u003eCVE-2025-41248\u003c/a\u003e.\u003c/p\u003e"
            }
          ],
          "value": "The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions.\n\nYour application may be affected by this if you are using Spring Security\u0027s @EnableMethodSecurity\u00a0feature.\n\nYou are not affected by this if you are not using @EnableMethodSecurity\u00a0or if you do not use security annotations on methods in generic superclasses or generic interfaces.\n\nThis CVE is published in conjunction with  CVE-2025-41248 https://spring.io/security/cve-2025-41248 ."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T10:15:34.118Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2025-41249"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CVE-2025-41249: Spring Framework Annotation Detection Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2025-41249",
    "datePublished": "2025-09-16T10:15:34.118Z",
    "dateReserved": "2025-04-16T09:30:25.625Z",
    "dateUpdated": "2025-09-16T19:29:37.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48976 (GCVE-0-2025-48976)

Vulnerability from cvelistv5 – Published: 2025-06-16 15:00 – Updated: 2025-11-03 20:05

Title

Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers

Summary

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

Allocation of resources with insufficient limits
CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

apache

References

4 references

URL	Tags
https://lists.apache.org/thread/fbs3wrr3p67vkjcxo…	vendor-advisory
http://www.openwall.com/lists/oss-security/2025/06/16/4
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Apache Software Foundation	Apache Commons FileUpload	Affected: 1.0 , < 1.6 (semver)
Apache Software Foundation	Apache Commons FileUpload	Affected: 2.0.0-M1 , < 2.0.0-M4 (semver)

Credits

TERASOLUNA Framework Security Team of NTT DATA Group Corporation

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:05:02.486Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/06/16/4"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-48976",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-17T14:04:56.145891Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-770",
                "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T14:07:34.067Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "commons-fileupload:commons-fileupload",
          "product": "Apache Commons FileUpload",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "1.6",
              "status": "affected",
              "version": "1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.commons:commons-fileupload2",
          "product": "Apache Commons FileUpload",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.0.0-M4",
              "status": "affected",
              "version": "2.0.0-M1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "TERASOLUNA Framework Security Team of NTT DATA Group Corporation"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAllocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.\u003c/p\u003e"
            }
          ],
          "value": "Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.\n\nThis issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.\n\nUsers are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Allocation of resources with insufficient limits",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-16T15:00:48.140Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-48976",
    "datePublished": "2025-06-16T15:00:48.140Z",
    "dateReserved": "2025-05-29T07:19:14.431Z",
    "dateUpdated": "2025-11-03T20:05:02.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59343 (GCVE-0-2025-59343)

Vulnerability from cvelistv5 – Published: 2025-09-24 17:43 – Updated: 2025-11-03 18:13

Title

tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball

Summary

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories.

Severity

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-61 - UNIX Symbolic Link (Symlink) Following

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/mafintosh/tar-fs/security/advi…	x_refsource_CONFIRM
https://github.com/mafintosh/tar-fs/commit/0bd54c…	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

1 product

Vendor	Product	Version
mafintosh	tar-fs	Affected: >= 3.0.0, < 3.1.1 Affected: >= 2.0.0, < 2.1.3 Affected: < 1.16.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59343",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-03T14:49:04.310765Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-03T14:49:06.790Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T18:13:55.412Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00028.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tar-fs",
          "vendor": "mafintosh",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.1.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.1.3"
            },
            {
              "status": "affected",
              "version": "\u003c 1.16.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-24T17:43:34.728Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v"
        },
        {
          "name": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09"
        }
      ],
      "source": {
        "advisory": "GHSA-vj76-c3g6-qr5v",
        "discovery": "UNKNOWN"
      },
      "title": "tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-59343",
    "datePublished": "2025-09-24T17:43:34.728Z",
    "dateReserved": "2025-09-12T12:36:24.636Z",
    "dateUpdated": "2025-11-03T18:13:55.412Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-66021 (GCVE-0-2025-66021)

Vulnerability from cvelistv5 – Published: 2025-11-26 01:53 – Updated: 2025-11-26 15:16

Title

OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization

Summary

OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1, OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style tags with allowTextIn inside the style tag. This could lead to XSS if the payload is crafted in such a way that it does not sanitise the CSS and allows tags which is not mentioned in HTML policy. At time of publication no known patch is available.

Severity

8.6 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/OWASP/java-html-sanitizer/secu…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
OWASP	java-html-sanitizer	Affected: = 20240325.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66021",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-26T15:15:53.738095Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-26T15:16:17.063Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/OWASP/java-html-sanitizer/security/advisories/GHSA-g9gq-3pfx-2gw2"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "java-html-sanitizer",
          "vendor": "OWASP",
          "versions": [
            {
              "status": "affected",
              "version": "= 20240325.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1,  OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style tags with allowTextIn inside the style tag. This could lead to XSS if the payload is crafted in such a way that it does not sanitise the CSS and allows tags which is not mentioned in HTML policy. At time of publication no known patch is available."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-26T01:53:37.578Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/OWASP/java-html-sanitizer/security/advisories/GHSA-g9gq-3pfx-2gw2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/OWASP/java-html-sanitizer/security/advisories/GHSA-g9gq-3pfx-2gw2"
        }
      ],
      "source": {
        "advisory": "GHSA-g9gq-3pfx-2gw2",
        "discovery": "UNKNOWN"
      },
      "title": "OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-66021",
    "datePublished": "2025-11-26T01:53:37.578Z",
    "dateReserved": "2025-11-21T01:08:02.613Z",
    "dateUpdated": "2025-11-26T15:16:17.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0438

CVE-2020-28469 (GCVE-0-2020-28469)

CVE-2022-25883 (GCVE-0-2022-25883)

CVE-2022-25927 (GCVE-0-2022-25927)

CVE-2025-41249 (GCVE-0-2025-41249)

CVE-2025-48976 (GCVE-0-2025-48976)

CVE-2025-59343 (GCVE-0-2025-59343)

CVE-2025-66021 (GCVE-0-2025-66021)

Tags

Sightings

Nomenclature