Advisory Database Sync

Author: advisory-database[bot]

advisories/github-reviewed/2026/03/GHSA-j443-wcqq-xprh/GHSA-j443-wcqq-xprh.json

@@ -0,0 +1,63 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j443-wcqq-xprh",
+  "modified": "2026-03-11T00:32:49Z",
+  "published": "2026-03-11T00:32:49Z",
+  "aliases": [],
+  "summary": "Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go",
+  "details": "### Summary\n\nA critical vulnerability has been identified at https://security.snyk.io/package/linux/chainguard:latest/terraform-provider-sendgrid, associated with the underlying Go version.\n\nIf the server's TLS configuration is mutated between connections — for example, a CA is removed from the trusted list via `Config.Clone()` combined with modification or `GetConfigForClient` — the resumed handshake still succeeds using the cached session. The certificate is not re-checked against the updated CA list.\n\nAs a result, a client whose CA was revoked or removed between the first and second connection could still establish a connection on the resumed session.\n\n### Details\n\nIf the server's TLS configuration is mutated between connections — for example, a CA is removed from the trusted list via `Config.Clone()` combined with modification or `GetConfigForClient` — the resumed handshake still succeeds using the cached session. The certificate is not re-checked against the updated CA list.\n\nConsequently, a client whose CA was revoked or removed between the first and second connection could still establish a connection on the resumed session.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/arslanbekov/terraform-provider-sendgrid"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "1.1.3-0.20250606002314-b4a2dfeb7b0f"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/arslanbekov/terraform-provider-sendgrid/security/advisories/GHSA-j443-wcqq-xprh"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-h355-32pf-p2xm"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/arslanbekov/terraform-provider-sendgrid"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security.snyk.io/vuln/SNYK-CHAINGUARDLATEST-TERRAFORMPROVIDERSENDGRID-15265295"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-295"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-11T00:32:49Z",
+    "nvd_published_at": null
+  }
+}

…-jw5g-f64p-6x78/GHSA-jw5g-f64p-6x78.json …-jw5g-f64p-6x78/GHSA-jw5g-f64p-6x78.jsonadvisories/unreviewed/2026/03/GHSA-jw5g-f64p-6x78/GHSA-jw5g-f64p-6x78.json renamed to advisories/github-reviewed/2026/03/GHSA-jw5g-f64p-6x78/GHSA-jw5g-f64p-6x78.json advisories/unreviewed/2026/03/GHSA-jw5g-f64p-6x78/GHSA-jw5g-f64p-6x78.json renamed to advisories/github-reviewed/2026/03/GHSA-jw5g-f64p-6x78/GHSA-jw5g-f64p-6x78.json

@@ -1,19 +1,40 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jw5g-f64p-6x78",
-  "modified": "2026-03-10T09:31:46Z",
+  "modified": "2026-03-11T00:31:16Z",
   "published": "2026-03-10T09:31:46Z",
   "aliases": [
     "CVE-2026-1776"
   ],
-  "details": "Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the download_private_file functionality when the application is configured to use the CamaleonCmsAwsUploader backend. Unlike the local uploader implementation, the AWS uploader does not validate file paths with valid_folder_path?, allowing directory traversal sequences to be supplied via the file parameter. As a result, any authenticated user, including low-privileged registered users, can access sensitive files such as /etc/passwd. This issue represents a bypass of the incomplete fix for CVE-2024-46987 and affects deployments using the AWS S3 storage backend.",
+  "summary": "Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation",
+  "details": "Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the download_private_file functionality when the application is configured to use the CamaleonCmsAwsUploader backend. Unlike the local uploader implementation, the AWS uploader does not validate file paths with valid_folder_path?, allowing directory traversal sequences to be supplied via the file parameter. As a result, any authenticated user, including low-privileged registered users, can access sensitive files such as /etc/passwd. This issue represents a bypass of the incomplete fix for CVE-2024-46987 and affects deployments using the AWS S3 storage backend.",
   "severity": [
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "RubyGems",
+        "name": "camaleon_cms"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2.4.5.0"
+            },
+            {
+              "last_affected": "2.9.1"
+            }
+          ]
+        }
+      ]
     }
   ],
-  "affected": [],
   "references": [
     {
       "type": "ADVISORY",
@@ -31,6 +52,10 @@
       "type": "WEB",
       "url": "https://camaleon.website"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/owen2345/camaleon-cms"
+    },
     {
       "type": "WEB",
       "url": "https://www.vulncheck.com/advisories/camaleon-cms-aws-uploader-authenticated-path-traversal-arbitrary-file-read"
@@ -41,8 +66,8 @@
       "CWE-22"
     ],
     "severity": "MODERATE",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-11T00:31:16Z",
     "nvd_published_at": "2026-03-10T07:38:01Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-rmrf-g9r3-73pm/GHSA-rmrf-g9r3-73pm.json

@@ -0,0 +1,61 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rmrf-g9r3-73pm",
+  "modified": "2026-03-11T00:33:30Z",
+  "published": "2026-03-11T00:33:30Z",
+  "aliases": [
+    "CVE-2026-31866"
+  ],
+  "summary": "flagd Vulnerable to Allocation of Resources Without Limits or Throttling",
+  "details": "## Details\n\nflagd exposes OFREP (`/ofrep/v1/evaluate/...`) and gRPC (`evaluation.v1`, `evaluation.v2`) endpoints for feature flag evaluation. These endpoints are designed to be publicly accessible by client applications.\n\nThe evaluation context included in request payloads is read into memory without any size restriction. An attacker can send a single HTTP request with an arbitrarily large body, causing flagd to allocate a corresponding amount of memory. This leads to immediate memory exhaustion and process termination (e.g., OOMKill in Kubernetes environments).\n\nflagd does not natively enforce authentication on its evaluation endpoints. While operators may deploy flagd behind an authenticating reverse proxy or similar infrastructure, the endpoints themselves impose no access control by default.\n\n## Impact\n\n- **Denial of Service:** A single crafted request can crash the flagd process.\n- **Service Disruption:** All applications relying on the affected flagd instance for feature flag evaluation will lose access to flag evaluations until the process restarts.\n- **Repeated Exploitation:** An attacker can continuously send oversized requests to prevent recovery.\n\n## Affected Endpoints\n\n- `/ofrep/v1/evaluate/flags/{flagKey}` (OFREP single flag evaluation)\n- `/ofrep/v1/evaluate/flags` (OFREP bulk evaluation)\n- `flagd.evaluation.v1.Service/ResolveBoolean` (gRPC/Connect)\n- `flagd.evaluation.v1.Service/ResolveString` (gRPC/Connect)\n- `flagd.evaluation.v1.Service/ResolveFloat` (gRPC/Connect)\n- `flagd.evaluation.v1.Service/ResolveInt` (gRPC/Connect)\n- `flagd.evaluation.v1.Service/ResolveObject` (gRPC/Connect)\n- `flagd.evaluation.v1.Service/ResolveAll` (gRPC/Connect)\n- `flagd.evaluation.v2.Service/ResolveBoolean` (gRPC/Connect)\n- `flagd.evaluation.v2.Service/ResolveString` (gRPC/Connect)\n- `flagd.evaluation.v2.Service/ResolveFloat` (gRPC/Connect)\n- `flagd.evaluation.v2.Service/ResolveInt` (gRPC/Connect)\n- `flagd.evaluation.v2.Service/ResolveObject` (gRPC/Connect)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/open-feature/flagd/flagd"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.14.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/open-feature/flagd/security/advisories/GHSA-rmrf-g9r3-73pm"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/open-feature/flagd/commit/25c5fd7e80c26eb2c00b20317b2456fe6f927ea3"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/open-feature/flagd"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-770"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-11T00:33:30Z",
+    "nvd_published_at": null
+  }
+}

advisories/github-reviewed/2026/03/GHSA-v8w9-8mx6-g223/GHSA-v8w9-8mx6-g223.json

@@ -0,0 +1,59 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-v8w9-8mx6-g223",
+  "modified": "2026-03-11T00:31:47Z",
+  "published": "2026-03-11T00:31:47Z",
+  "aliases": [],
+  "summary": "Hono vulnerable to Prototype Pollution possible through __proto__ key allowed in parseBody({ dot: true })",
+  "details": "## Summary\n\nWhen using `parseBody({ dot: true })` in HonoRequest, specially crafted form field names such as `__proto__.x` could create objects containing a `__proto__` property.\n\nIf the parsed result is later merged into regular JavaScript objects using unsafe merge patterns, this may lead to prototype pollution in the target object.\n\n## Details\n\nThe `parseBody({ dot: true })` feature supports dot notation to construct nested objects from form field names.\n\nIn previous versions, the `__proto__` path segment was not filtered. As a result, specially crafted keys such as `__proto__.x` could produce objects containing `__proto__` properties.\n\nWhile this behavior does not directly modify `Object.prototype` within Hono itself, it may become exploitable if the parsed result is later merged into regular JavaScript objects using unsafe merge patterns.\n\n## Impact\n\nApplications that merge parsed form data into regular objects using unsafe patterns (for example recursive deep merge utilities) may become vulnerable to prototype pollution.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "hono"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "4.12.7"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/honojs/hono/security/advisories/GHSA-v8w9-8mx6-g223"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/honojs/hono/commit/ef902257e0beacbb83d2a9549b3b83e03514a6fe"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/honojs/hono"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1321"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-11T00:31:47Z",
+    "nvd_published_at": null
+  }
+}

advisories/unreviewed/2026/01/GHSA-x6px-8wp8-5cwq/GHSA-x6px-8wp8-5cwq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x6px-8wp8-5cwq",
-  "modified": "2026-01-15T21:31:48Z",
+  "modified": "2026-03-11T00:31:30Z",
   "published": "2026-01-15T21:31:48Z",
   "aliases": [
     "CVE-2026-0203"

advisories/unreviewed/2026/02/GHSA-q4hc-vp2m-fr47/GHSA-q4hc-vp2m-fr47.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q4hc-vp2m-fr47",
-  "modified": "2026-03-02T09:30:29Z",
+  "modified": "2026-03-11T00:31:30Z",
   "published": "2026-02-23T18:32:02Z",
   "aliases": [
     "CVE-2025-14905"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:3504"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:4207"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-14905"

advisories/unreviewed/2026/03/GHSA-225v-w4gw-cgwv/GHSA-225v-w4gw-cgwv.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-225v-w4gw-cgwv",
-  "modified": "2026-03-10T21:32:18Z",
+  "modified": "2026-03-11T00:31:30Z",
   "published": "2026-03-10T21:32:18Z",
   "aliases": [
     "CVE-2026-0111"
@@ -14,6 +14,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0111"
     },
+    {
+      "type": "WEB",
+      "url": "https://source.android.com/docs/security/bulletin/2026/2026-03-01"
+    },
     {
       "type": "WEB",
       "url": "https://source.android.com/security/bulletin/pixel/2026-03-01"

advisories/unreviewed/2026/03/GHSA-228j-8x4w-rvcx/GHSA-228j-8x4w-rvcx.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-228j-8x4w-rvcx",
-  "modified": "2026-03-10T21:32:18Z",
+  "modified": "2026-03-11T00:31:30Z",
   "published": "2026-03-10T21:32:18Z",
   "aliases": [
     "CVE-2026-0113"
@@ -14,6 +14,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0113"
     },
+    {
+      "type": "WEB",
+      "url": "https://source.android.com/docs/security/bulletin/2026/2026-03-01"
+    },
     {
       "type": "WEB",
       "url": "https://source.android.com/security/bulletin/pixel/2026-03-01"

advisories/unreviewed/2026/03/GHSA-2h2g-8rx7-4c64/GHSA-2h2g-8rx7-4c64.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2h2g-8rx7-4c64",
+  "modified": "2026-03-11T00:31:36Z",
+  "published": "2026-03-11T00:31:36Z",
+  "aliases": [
+    "CVE-2026-21362"
+  ],
+  "details": "Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21362"
+    },
+    {
+      "type": "WEB",
+      "url": "https://helpx.adobe.com/security/products/illustrator/apsb26-18.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-10T23:16:43Z"
+  }
+}