diff --git a/2025/46xxx/CVE-2025-46653.json b/2025/46xxx/CVE-2025-46653.json
new file mode 100644
index 00000000000..0a822e12665
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46653.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2025-46653",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not \"cryptographically secure.\" (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md"
+ },
+ {
+ "url": "https://github.com/node-formidable/formidable/blob/d0fbec13edc8add54a1afb9ce1a8d3db803f8d47/CHANGELOG.md?plain=1#L10",
+ "refsource": "MISC",
+ "name": "https://github.com/node-formidable/formidable/blob/d0fbec13edc8add54a1afb9ce1a8d3db803f8d47/CHANGELOG.md?plain=1#L10"
+ },
+ {
+ "url": "https://github.com/node-formidable/formidable/commit/022c2c5577dfe14d2947f10909d81b03b6070bf5",
+ "refsource": "MISC",
+ "name": "https://github.com/node-formidable/formidable/commit/022c2c5577dfe14d2947f10909d81b03b6070bf5"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46654.json b/2025/46xxx/CVE-2025-46654.json
new file mode 100644
index 00000000000..a65b4a81994
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46654.json
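Review bot: The `affects` block in the CVE-2025-46653 record leaves `product_name`, `version_value` and `vendor_name` as `n/a` even though the description names the product and the affected range, so tooling that matches on the structured fields rather than the free text will not associate this record with Formidable. Consider `"product_name": "Formidable"` and `"version_value": "2.1.0 through 3.x before 3.5.3"`, both taken from the description. The same applies to the CVE-2025-46654 and CVE-2025-46655 hunks (CodiMD through 2.2.0 and through 2.5.4 respectively). `problemtype` is also `n/a` in all three records, so filtering by weakness class will not surface them either.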
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2025-46654",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/hackmdio/codimd/issues/1910",
+ "refsource": "MISC",
+ "name": "https://github.com/hackmdio/codimd/issues/1910"
+ },
+ {
+ "url": "https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46655.json b/2025/46xxx/CVE-2025-46655.json
new file mode 100644
index 00000000000..a04e0470d30
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46655.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2025-46655",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** DISPUTED ** CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted JavaScript content, but the selected architecture within AWS does not have components that are able to insert Content-Security-Policy headers."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/hackmdio/codimd/issues/1910",
+ "refsource": "MISC",
+ "name": "https://github.com/hackmdio/codimd/issues/1910"
+ },
+ {
+ "url": "https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md"
+ }
+ ]
+ }
+}
\ No newline at end of file