Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit e669840a3c68 · 2026-04-16T23:01:12.000Z
GHSA-p2gh-cfq4-4wjc GHSA-f3g8-9xv5-77gv GHSA-m5wg-cjgh-223j GHSA-qjfj-3mm5-vrjg GHSA-r7w7-9xr2-qq2r GHSA-qjfj-3mm5-vrjg
diff --git a/advisories/github-reviewed/2026/03/GHSA-p2gh-cfq4-4wjc/GHSA-p2gh-cfq4-4wjc.json b/advisories/github-reviewed/2026/03/GHSA-p2gh-cfq4-4wjc/GHSA-p2gh-cfq4-4wjc.json
@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-p2gh-cfq4-4wjc",
-  "modified": "2026-03-25T21:02:08Z",
+  "modified": "2026-04-16T22:59:37Z",
   "published": "2026-03-25T21:02:08Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-6409"
+  ],
   "summary": "Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion",
   "details": "### Impact\nA Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative `varint`s or deep recursion—can be used to crash the application, impacting service availability.\n\n### Patches\nPatches have been released to 5.34.0-RC1 and 4.33.6.",
   "severity": [
@@ -38,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-p2gh-cfq4-4wjc"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6409"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/protocolbuffers/protobuf/issues/24159"
diff --git a/advisories/github-reviewed/2026/04/GHSA-f3g8-9xv5-77gv/GHSA-f3g8-9xv5-77gv.json b/advisories/github-reviewed/2026/04/GHSA-f3g8-9xv5-77gv/GHSA-f3g8-9xv5-77gv.json
@@ -0,0 +1,93 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f3g8-9xv5-77gv",
+  "modified": "2026-04-16T23:00:45Z",
+  "published": "2026-04-16T23:00:45Z",
+  "aliases": [],
+  "summary": "Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)",
+  "details": "### Summary\nSaltcorn validates the post-login `dest` parameter with a string check that only blocks `:/` and `//`. Because all WHATWG-compliant browsers normalise backslashes (`\\`) to forward slashes (`/`) for special schemes, a payload such as `/\\evil.com/path` slips through `is_relative_url()`, is emitted unchanged in the HTTP `Location` header, and causes the browser to navigate cross-origin to an attacker-controlled domain. The bug is reachable on a default install and only requires a victim who can be tricked into logging in via a crafted Saltcorn URL.\n\n### Details\nVulnerable function: `packages/server/routes/utils.js:393-395`\n\n```js\nconst is_relative_url = (url) => {\n  return typeof url === \"string\" && !url.includes(\":/\") && !url.includes(\"//\");\n};\n```\n\nThe function's intent is to allow only same-origin redirects, but the allow-list only checks for two literal substrings. It does not handle:\n- backslash characters, which WHATWG URL parsing (used by every modern browser) treats as forward slashes for the special schemes `http`, `https`, `ftp`, `ws`, `wss`. A URL parser fed `/\\evil.com/path` with a base of `http://victim/` resolves to `http://evil.com/path`.\n- non-`http(s):` schemes that do not contain `:/`. The strings `javascript:alert(1)`, `data:text/html,...`, `vbscript:...` all pass.\n\nVulnerable callsite: `packages/server/auth/routes.js:1371-1376`\n\n```js\n} else if (\n  (req.body || {}).dest &&\n  is_relative_url(decodeURIComponent((req.body || {}).dest))\n) {\n  res.redirect(decodeURIComponent((req.body || {}).dest));\n} else res.redirect(\"/\");\n```\n\nThe body's `dest` is URL-decoded twice (once by body-parser, once by the explicit `decodeURIComponent`) and the same value is passed to `res.redirect`. Express 5's `res.redirect` runs the value through `encodeurl@2.0.0`, whose whitelist character class `[^\\x21\\x23-\\x3B\\x3D\\x3F-\\x5F\\x61-\\x7A\\x7C\\x7E]` includes `\\x5C` (backslash). The backslash is therefore not percent-encoded and ends up verbatim in the `Location` response header.\n\n### PoC\n[poc.zip](https://github.com/user-attachments/files/26678853/poc.zip)\n\nPlease extract the uploaded compressed file before proceeding\n1. ./setup.sh\n2. ./poc.sh\n\n<img width=\"419\" height=\"71\" alt=\"스크린샷 2026-04-13 오후 11 44 36\" src=\"https://github.com/user-attachments/assets/9c919ed4-167b-47e3-9873-733f97b44bf0\" />\n\n### Impact\nAny user who can be lured into clicking a Saltcorn login URL crafted by the attacker will, after submitting their valid credentials, be redirected to an attacker-controlled origin. The redirect happens under the trusted Saltcorn domain, so the user has no visual cue that they are about to leave the site. Realistic abuse patterns:\n\n- Credential phishing — the attacker's site renders a forged \"session expired, please log in again\" prompt to capture the password the user just typed.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@saltcorn/server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.4.6"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@saltcorn/server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.5.0-beta.0"
+            },
+            {
+              "fixed": "1.5.6"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@saltcorn/server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.6.0-alpha.0"
+            },
+            {
+              "fixed": "1.6.0-beta.5"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/saltcorn/saltcorn/security/advisories/GHSA-f3g8-9xv5-77gv"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/saltcorn/saltcorn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-601"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-16T23:00:45Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-m5wg-cjgh-223j/GHSA-m5wg-cjgh-223j.json b/advisories/github-reviewed/2026/04/GHSA-m5wg-cjgh-223j/GHSA-m5wg-cjgh-223j.json
@@ -1,11 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m5wg-cjgh-223j",
-  "modified": "2026-04-16T15:31:32Z",
+  "modified": "2026-04-16T22:58:58Z",
   "published": "2026-04-16T15:31:32Z",
   "aliases": [
     "CVE-2026-31843"
   ],
+  "summary": "goodoneuz/pay-uz: the /payment/api/editable/update endpoint overwrites existing PHP payment hook files",
   "details": "The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any() without authentication middleware, enabling remote access without credentials. User-controlled input is directly written into executable PHP files using file_put_contents(). These files are later executed via require() during normal payment processing workflows, resulting in remote code execution under default application behavior. The payment secret token mentioned by the vendor is unrelated to this endpoint and does not mitigate the vulnerability.",
   "severity": [
     {
@@ -17,7 +18,27 @@
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "goodoneuz/pay-uz"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "2.2.24"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
@@ -32,7 +53,7 @@
       "url": "https://github.com/goodoneuz/pay-uz/blob/master/src/routes/web.php"
     },
     {
-      "type": "WEB",
+      "type": "PACKAGE",
       "url": "https://github.com/shaxzodbek-uzb/pay-uz"
     },
     {
@@ -45,8 +66,8 @@
       "CWE-284"
     ],
     "severity": "CRITICAL",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-16T22:58:58Z",
     "nvd_published_at": "2026-04-16T13:16:48Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/04/GHSA-qjfj-3mm5-vrjg/GHSA-qjfj-3mm5-vrjg.json b/advisories/github-reviewed/2026/04/GHSA-qjfj-3mm5-vrjg/GHSA-qjfj-3mm5-vrjg.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-qjfj-3mm5-vrjg",
+  "modified": "2026-04-16T22:59:19Z",
+  "published": "2026-04-16T15:31:33Z",
+  "withdrawn": "2026-04-16T22:59:19Z",
+  "aliases": [],
+  "summary": "Withdrawn Advisory: Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion",
+  "details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-p2gh-cfq4-4wjc. This link is maintained to preserve external references.\n\n## Original Description\nA Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "google/protobuf"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "< 4.33.6"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-p2gh-cfq4-4wjc"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6409"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-16T22:59:19Z",
+    "nvd_published_at": "2026-04-16T15:17:41Z"
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-r7w7-9xr2-qq2r/GHSA-r7w7-9xr2-qq2r.json b/advisories/github-reviewed/2026/04/GHSA-r7w7-9xr2-qq2r/GHSA-r7w7-9xr2-qq2r.json
@@ -0,0 +1,55 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r7w7-9xr2-qq2r",
+  "modified": "2026-04-16T23:00:12Z",
+  "published": "2026-04-16T23:00:12Z",
+  "aliases": [],
+  "summary": "langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding",
+  "details": "## Summary\n\n`langchain-openai`'s `_url_to_size()` helper (used by `get_num_tokens_from_messages` for image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS resolution. This left a TOCTOU / DNS rebinding window: an attacker-controlled hostname could resolve to a public IP during validation and then to a private/localhost IP during the actual fetch.\n\nThe practical impact is limited because the fetched response body is passed directly to Pillow's `Image.open()` to extract dimensions — the response content is never returned, logged, or otherwise exposed to the caller. An attacker cannot exfiltrate data from internal services through this path. A potential risk is blind probing (inferring whether an internal host/port is open based on timing or error behavior).\n\n## Affected versions\n\n- `langchain-openai` < 1.1.14\n\n## Patched versions\n\n- `langchain-openai` >= 1.1.14 (requires `langchain-core` >= 1.2.31)\n\n## Affected code\n\n**File:** `libs/partners/openai/langchain_openai/chat_models/base.py` — `_url_to_size()`\n\nThe vulnerable pattern was a validate-then-fetch with separate DNS resolution:\n\n```python\nvalidate_safe_url(image_source, allow_private=False, allow_http=True)\n# ... separate network operation with independent DNS resolution ...\nresponse = httpx.get(image_source, timeout=timeout)\n```\n\n## Fix\n\nThe fix replaces the validate-then-fetch pattern with an SSRF-safe httpx transport (`SSRFSafeSyncTransport` from `langchain-core`) that:\n\n- Resolves DNS once and validates all returned IPs against a policy (private ranges, cloud metadata, localhost, k8s internal DNS)\n- Pins the connection to the validated IP, eliminating the DNS rebinding window\n- Disables redirect following to prevent redirect-based SSRF bypasses\n\nThis fix was released in langchain-openai 1.1.14.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "langchain-openai"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.1.14"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/langchain-ai/langchain/security/advisories/GHSA-r7w7-9xr2-qq2r"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/langchain-ai/langchain"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "LOW",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-16T23:00:12Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-qjfj-3mm5-vrjg/GHSA-qjfj-3mm5-vrjg.json b/advisories/unreviewed/2026/04/GHSA-qjfj-3mm5-vrjg/GHSA-qjfj-3mm5-vrjg.json
