From e53c58493f49164969d4acd151b50cb3121f76b5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 14 Feb 2025 20:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/1xxx/CVE-2025-1305.json | 18 +++++++ 2025/1xxx/CVE-2025-1306.json | 18 +++++++ 2025/1xxx/CVE-2025-1307.json | 18 +++++++ 2025/1xxx/CVE-2025-1308.json | 18 +++++++ 2025/1xxx/CVE-2025-1309.json | 18 +++++++ 2025/1xxx/CVE-2025-1310.json | 18 +++++++ 2025/25xxx/CVE-2025-25184.json | 4 +- 2025/25xxx/CVE-2025-25285.json | 86 ++++++++++++++++++++++++++++++++-- 2025/25xxx/CVE-2025-25288.json | 86 ++++++++++++++++++++++++++++++++-- 2025/25xxx/CVE-2025-25289.json | 86 ++++++++++++++++++++++++++++++++-- 2025/25xxx/CVE-2025-25290.json | 81 ++++++++++++++++++++++++++++++-- 2025/25xxx/CVE-2025-25296.json | 81 ++++++++++++++++++++++++++++++-- 2025/25xxx/CVE-2025-25297.json | 81 ++++++++++++++++++++++++++++++-- 2025/25xxx/CVE-2025-25304.json | 68 +++++++++++++++++++++++++-- 2025/26xxx/CVE-2025-26490.json | 61 +----------------------- 2025/26xxx/CVE-2025-26491.json | 61 +----------------------- 2025/26xxx/CVE-2025-26797.json | 18 +++++++ 2025/26xxx/CVE-2025-26798.json | 18 +++++++ 2025/26xxx/CVE-2025-26799.json | 18 +++++++ 2025/26xxx/CVE-2025-26800.json | 18 +++++++ 2025/26xxx/CVE-2025-26801.json | 18 +++++++ 2025/26xxx/CVE-2025-26802.json | 18 +++++++ 22 files changed, 763 insertions(+), 148 deletions(-) create mode 100644 2025/1xxx/CVE-2025-1305.json create mode 100644 2025/1xxx/CVE-2025-1306.json create mode 100644 2025/1xxx/CVE-2025-1307.json create mode 100644 2025/1xxx/CVE-2025-1308.json create mode 100644 2025/1xxx/CVE-2025-1309.json create mode 100644 2025/1xxx/CVE-2025-1310.json create mode 100644 2025/26xxx/CVE-2025-26797.json create mode 100644 2025/26xxx/CVE-2025-26798.json create mode 100644 2025/26xxx/CVE-2025-26799.json create mode 100644 2025/26xxx/CVE-2025-26800.json create mode 100644 2025/26xxx/CVE-2025-26801.json create mode 100644 2025/26xxx/CVE-2025-26802.json 
diff --git a/2025/1xxx/CVE-2025-1305.json b/2025/1xxx/CVE-2025-1305.json
new file mode 100644
index 00000000000..a4135f8552c
--- /dev/null
+++ b/2025/1xxx/CVE-2025-1305.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-1305",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/1xxx/CVE-2025-1306.json b/2025/1xxx/CVE-2025-1306.json
new file mode 100644
index 00000000000..154952eb887
--- /dev/null
+++ b/2025/1xxx/CVE-2025-1306.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-1306",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/1xxx/CVE-2025-1307.json b/2025/1xxx/CVE-2025-1307.json
new file mode 100644
index 00000000000..2d0d09e1642
--- /dev/null
+++ b/2025/1xxx/CVE-2025-1307.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-1307",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/1xxx/CVE-2025-1308.json b/2025/1xxx/CVE-2025-1308.json
new file mode 100644
index 00000000000..228b39662b5
--- /dev/null
+++ b/2025/1xxx/CVE-2025-1308.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-1308",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/1xxx/CVE-2025-1309.json b/2025/1xxx/CVE-2025-1309.json
new file mode 100644
index 00000000000..f09bcc09e4f
--- /dev/null
+++ b/2025/1xxx/CVE-2025-1309.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-1309",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/1xxx/CVE-2025-1310.json b/2025/1xxx/CVE-2025-1310.json
new file mode 100644
index 00000000000..cd95b682e19
--- /dev/null
+++ b/2025/1xxx/CVE-2025-1310.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-1310",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/25xxx/CVE-2025-25184.json b/2025/25xxx/CVE-2025-25184.json
index 7f44793ac8d..af38e7a5655 100644
--- a/2025/25xxx/CVE-2025-25184.json
+++ b/2025/25xxx/CVE-2025-25184.json
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.11, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs. When a user provides the authorization credentials via Rack::Auth::Basic, if success, the username will be put in env['REMOTE_USER'] and later be used by Rack::CommonLogger for logging purposes. The issue occurs when a server intentionally or unintentionally allows a user creation with the username contain CRLF and white space characters, or the server just want to log every login attempts. If an attacker enters a username with CRLF character, the logger will log the malicious username with CRLF characters into the logfile. Attackers can break log formats or insert fraudulent entries, potentially obscuring real activity or injecting malicious data into log files. Versions 2.2.11, 3.0.12, and 3.1.11 contain a fix." + "value": "Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs. When a user provides the authorization credentials via Rack::Auth::Basic, if success, the username will be put in env['REMOTE_USER'] and later be used by Rack::CommonLogger for logging purposes. The issue occurs when a server intentionally or unintentionally allows a user creation with the username contain CRLF and white space characters, or the server just want to log every login attempts. If an attacker enters a username with CRLF character, the logger will log the malicious username with CRLF characters into the logfile. 
Attackers can break log formats or insert fraudulent entries, potentially obscuring real activity or injecting malicious data into log files. Versions 2.2.11, 3.0.12, and 3.1.10 contain a fix." } ] }, @@ -58,7 +58,7 @@ }, { "version_affected": "=", - "version_value": ">= 3.1, < 3.1.11" + "version_value": ">= 3.1, < 3.1.10" } ] } diff --git a/2025/25xxx/CVE-2025-25285.json b/2025/25xxx/CVE-2025-25285.json index 46b9d8b7f2e..0ebfe503e00 100644 --- a/2025/25xxx/CVE-2025-25285.json +++ b/2025/25xxx/CVE-2025-25285.json 
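Review bot: In the second hunk of CVE-2025-25184.json the corrected bound `">= 3.1, < 3.1.10"` still sits under `"version_affected": "="`, so a consumer that evaluates the operator literally is asked for equality with a string that is never a real version number and the entry matches nothing. The Siemens records removed later in this same patch expressed a bound with the operator itself (`"version_affected": "<"`, `"version_name": "0"`, `"version_value": "V2501"`); if that usage is what downstream tooling expects, the range here would read `"version_affected": "<", "version_name": "3.1", "version_value": "3.1.10"`. The same `=`-plus-range pattern is introduced in the new `affects` blocks of CVE-2025-25285, -25288, -25289, -25290, -25296, -25297 and -25304, so scanners fed from these files need to parse the range text rather than trust the operator. The enclosing `version_data` array starts and ends outside the hunk.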
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25285", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific `options` parameters, the `endpoint.parse(options)` call can be triggered, leading to a regular expression denial-of-service (ReDoS) attack. This causes the program to hang and results in high CPU utilization. The issue occurs in the `parse` function within the `parse.ts` file of the npm package `@octokit/endpoint`. Version 10.1.3 contains a patch for the issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333: Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "octokit", + "product": { + "product_data": [ + { + "product_name": "endpoint.js", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 4.1.0, < 10.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/octokit/endpoint.js/security/advisories/GHSA-x4c5-c7rf-jjgv", + "refsource": "MISC", + "name": "https://github.com/octokit/endpoint.js/security/advisories/GHSA-x4c5-c7rf-jjgv" + }, + { + "url": "https://github.com/octokit/endpoint.js/commit/6c9c5be033c450d436efb37de41b6470c22f7db8", + "refsource": "MISC", + "name": "https://github.com/octokit/endpoint.js/commit/6c9c5be033c450d436efb37de41b6470c22f7db8" + }, + { + "url": "https://github.com/octokit/endpoint.js/blob/main/src/parse.ts", + "refsource": "MISC", + "name": "https://github.com/octokit/endpoint.js/blob/main/src/parse.ts" + } + ] + }, + "source": { + "advisory": "GHSA-x4c5-c7rf-jjgv", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2025/25xxx/CVE-2025-25288.json b/2025/25xxx/CVE-2025-25288.json index f90170df8ac..8c845dab137 100644 --- a/2025/25xxx/CVE-2025-25288.json +++ b/2025/25xxx/CVE-2025-25288.json 
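Review bot: The `affects` block of CVE-2025-25285.json identifies the product as `"product_name": "endpoint.js"`, which is the repository name, while the description states the vulnerable artifact is the npm package `@octokit/endpoint`; dependency scanners that key on the installed package name will not match this record from the structured fields alone. Using the published name, `"product_name": "@octokit/endpoint"`, or adding it as a second `product_data` entry, would close that gap. The same repository-versus-package mismatch is present in CVE-2025-25288 (`plugin-paginate-rest.js`), CVE-2025-25289 (`request-error.js`) and CVE-2025-25290 (`request.js`).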
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25288", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package `@octokit/plugin-paginate-rest`, when calling `octokit.paginate.iterator()`, a specially crafted `octokit` instance\u2014particularly with a malicious `link` parameter in the `headers` section of the `request`\u2014can trigger a ReDoS attack. Version 11.4.1 contains a fix for the issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333: Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "octokit", + "product": { + "product_data": [ + { + "product_name": "plugin-paginate-rest.js", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 1.0.0, < 11.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/octokit/plugin-paginate-rest.js/security/advisories/GHSA-h5c3-5r3r-rr8q", + "refsource": "MISC", + "name": "https://github.com/octokit/plugin-paginate-rest.js/security/advisories/GHSA-h5c3-5r3r-rr8q" + }, + { + "url": "https://github.com/octokit/plugin-paginate-rest.js/commit/bb6c4f945d8023902cf387391d2b2209261044ab", + "refsource": "MISC", + "name": "https://github.com/octokit/plugin-paginate-rest.js/commit/bb6c4f945d8023902cf387391d2b2209261044ab" + }, + { + "url": "https://github.com/octokit/plugin-paginate-rest.js/blob/main/src/iterator.ts", + "refsource": "MISC", + "name": "https://github.com/octokit/plugin-paginate-rest.js/blob/main/src/iterator.ts" + } + ] + }, + "source": { + "advisory": "GHSA-h5c3-5r3r-rr8q", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2025/25xxx/CVE-2025-25289.json b/2025/25xxx/CVE-2025-25289.json index 768c270d485..a60417b78d2 100644 --- a/2025/25xxx/CVE-2025-25289.json +++ b/2025/25xxx/CVE-2025-25289.json 
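Review bot: The third reference added to CVE-2025-25288.json, `https://github.com/octokit/plugin-paginate-rest.js/blob/main/src/iterator.ts`, points at a moving branch, so once the fix is merged it shows the patched file rather than the code the advisory describes. Pinning it to the last vulnerable revision, in the form `.../blob/<vulnerable-commit-sha>/src/iterator.ts`, keeps the record useful for anyone verifying the flaw or writing a detection; CVE-2025-25304 in this same patch already uses a commit-pinned permalink. The `blob/main` references in CVE-2025-25285 (`src/parse.ts`) and CVE-2025-25289 (`src/index.ts`) have the same problem.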
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25289", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long sequence of spaces followed by a newline and \"@\", an attacker can exploit inefficient regular expression processing, leading to excessive resource consumption. This can significantly degrade server performance or cause a denial-of-service (DoS) condition, impacting availability. Version 6.1.7 contains a fix for the issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333: Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "octokit", + "product": { + "product_data": [ + { + "product_name": "request-error.js", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 1.0.0, < 6.1.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/octokit/request-error.js/security/advisories/GHSA-xx4v-prfh-6cgc", + "refsource": "MISC", + "name": "https://github.com/octokit/request-error.js/security/advisories/GHSA-xx4v-prfh-6cgc" + }, + { + "url": "https://github.com/octokit/request-error.js/commit/d558320874a4bc8d356babf1079e6f0056a59b9e", + "refsource": "MISC", + "name": "https://github.com/octokit/request-error.js/commit/d558320874a4bc8d356babf1079e6f0056a59b9e" + }, + { + "url": "https://github.com/octokit/request-error.js/blob/main/src/index.ts", + "refsource": "MISC", + "name": "https://github.com/octokit/request-error.js/blob/main/src/index.ts" + } + ] + }, + "source": { + "advisory": "GHSA-xx4v-prfh-6cgc", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2025/25xxx/CVE-2025-25290.json b/2025/25xxx/CVE-2025-25290.json index 8b1006e43bf..d1a12c5a993 100644 --- a/2025/25xxx/CVE-2025-25290.json +++ b/2025/25xxx/CVE-2025-25290.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25290", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "@octokit/request sends parameterized requests to GitHub\u2019s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to version 9.2.1, the regular expression `/<([^>]+)>; rel=\"deprecation\"/` used to match the `link` header in HTTP responses is vulnerable to a ReDoS (Regular Expression Denial of Service) attack. This vulnerability arises due to the unbounded nature of the regex's matching behavior, which can lead to catastrophic backtracking when processing specially crafted input. An attacker could exploit this flaw by sending a malicious `link` header, resulting in excessive CPU usage and potentially causing the server to become unresponsive, impacting service availability. Version 9.2.1 fixes the issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333: Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "octokit", + "product": { + "product_data": [ + { + "product_name": "request.js", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 1.0.0, < 9.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/octokit/request.js/security/advisories/GHSA-rmvr-2pp2-xj38", + "refsource": "MISC", + "name": "https://github.com/octokit/request.js/security/advisories/GHSA-rmvr-2pp2-xj38" + }, + { + "url": "https://github.com/octokit/request.js/commit/34ff07ee86fc5c20865982d77391bc910ef19c68", + "refsource": "MISC", + "name": "https://github.com/octokit/request.js/commit/34ff07ee86fc5c20865982d77391bc910ef19c68" + } + ] + }, + "source": { + "advisory": "GHSA-rmvr-2pp2-xj38", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2025/25xxx/CVE-2025-25296.json b/2025/25xxx/CVE-2025-25296.json index fe97f719057..09879252c77 100644 --- a/2025/25xxx/CVE-2025-25296.json +++ b/2025/25xxx/CVE-2025-25296.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25296", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's `/projects/upload-example` endpoint allows injection of arbitrary HTML through a `GET` request with an appropriately crafted `label_config` query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attacker can achieve Cross-Site Scripting (XSS). While the application has a Content Security Policy (CSP), it is only set in report-only mode, making it ineffective at preventing script execution. The vulnerability exists because the upload-example endpoint renders user-provided HTML content without proper sanitization on a GET request. This allows attackers to inject and execute arbitrary JavaScript in victims' browsers by getting them to visit a maliciously crafted URL. This is considered vulnerable because it enables attackers to execute JavaScript in victims' contexts, potentially allowing theft of sensitive data, session hijacking, or other malicious actions. Version 1.16.0 contains a patch for the issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HumanSignal", + "product": { + "product_data": [ + { + "product_name": "label-studio", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.16.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-wpq5-3366-mqw4", + "refsource": "MISC", + "name": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-wpq5-3366-mqw4" + }, + { + "url": "https://github.com/HumanSignal/label-studio/commit/8cf6958e1e27ef6a03ed287e674470975d340885", + "refsource": "MISC", + "name": "https://github.com/HumanSignal/label-studio/commit/8cf6958e1e27ef6a03ed287e674470975d340885" + } + ] + }, + "source": { + "advisory": "GHSA-wpq5-3366-mqw4", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/25xxx/CVE-2025-25297.json b/2025/25xxx/CVE-2025-25297.json index 402e95d155d..ea1c3a6eed6 100644 --- a/2025/25xxx/CVE-2025-25297.json +++ b/2025/25xxx/CVE-2025-25297.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25297", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage integration feature contains a Server-Side Request Forgery (SSRF) vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a custom S3 endpoint URL via the s3_endpoint parameter. This endpoint URL is passed directly to the boto3 AWS SDK without proper validation or restrictions on the protocol or destination. The vulnerability allows an attacker to make the application send HTTP requests to arbitrary internal services by specifying them as the S3 endpoint. When the storage sync operation is triggered, the application attempts to make S3 API calls to the specified endpoint, effectively making HTTP requests to the target service and returning the response in error messages. This SSRF vulnerability enables attackers to bypass network segmentation and access internal services that should not be accessible from the external network. The vulnerability is particularly severe because error messages from failed requests contain the full response body, allowing data exfiltration from internal services. Version 1.16.0 contains a patch for the issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-918: Server-Side Request Forgery (SSRF)", + "cweId": "CWE-918" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HumanSignal", + "product": { + "product_data": [ + { + "product_name": "label-studio", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.16.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-m238-fmcw-wh58", + "refsource": "MISC", + "name": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-m238-fmcw-wh58" + }, + { + "url": "https://github.com/HumanSignal/label-studio/commit/06a2b29c1208e1878ccae66e6b84c8b24598fa79", + "refsource": "MISC", + "name": "https://github.com/HumanSignal/label-studio/commit/06a2b29c1208e1878ccae66e6b84c8b24598fa79" + } + ] + }, + "source": { + "advisory": "GHSA-m238-fmcw-wh58", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/25xxx/CVE-2025-25304.json b/2025/25xxx/CVE-2025-25304.json index 87ca47177ed..543a374a2c5 100644 --- a/2025/25xxx/CVE-2025-25304.json +++ b/2025/25xxx/CVE-2025-25304.json 
@@ -1,18 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25304", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the `vlSelectionTuples` function can be used to call JavaScript functions, leading to cross-site scripting.`vlSelectionTuples` calls multiple functions that can be controlled by an attacker, including one call with an attacker-controlled argument. This can be used to call `Function()` with arbitrary JavaScript and the resulting function can be called with `vlSelectionTuples` or using a type coercion to call `toString` or `valueOf`. Version 5.26.0 of vega and 5.4.2 of vega-selections fix this issue." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "vega", + "product": { + "product_data": [ + { + "product_name": "vega", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 5.26.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/vega/vega/security/advisories/GHSA-mp7w-mhcv-673j", + "refsource": "MISC", + "name": "https://github.com/vega/vega/security/advisories/GHSA-mp7w-mhcv-673j" + }, + { + "url": "https://github.com/vega/vega/commit/9fb9ea07e27984394e463d286eb73944fa61411e", + "refsource": "MISC", + "name": "https://github.com/vega/vega/commit/9fb9ea07e27984394e463d286eb73944fa61411e" + }, + { + "url": "https://github.com/vega/vega/blob/b45cf431cd6c0d0c0e1567f087f9b3b55bc236fa/packages/vega-selections/src/selectionTuples.js#L14", + "refsource": "MISC", + "name": "https://github.com/vega/vega/blob/b45cf431cd6c0d0c0e1567f087f9b3b55bc236fa/packages/vega-selections/src/selectionTuples.js#L14" + } + ] + }, + "source": { + "advisory": "GHSA-mp7w-mhcv-673j", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26490.json b/2025/26xxx/CVE-2025-26490.json index deb9f7890ac..8a421279369 100644 --- a/2025/26xxx/CVE-2025-26490.json +++ b/2025/26xxx/CVE-2025-26490.json 
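Review bot: The `affects` block added to CVE-2025-25304.json lists only `"product_name": "vega"` with `"version_value": "< 5.26.0"`, although the new description says the flaw is also fixed in vega-selections 5.4.2; projects that depend on vega-selections directly will not be flagged from the structured data. A second `product_data` entry with `"product_name": "vega-selections"` and `"version_value": "< 5.4.2"` would cover it. This record also gains no `impact` block, unlike the other GitHub-assigned records in the patch, so severity-based triage will see it as unscored; that may be a limitation of the source advisory rather than an omission here. Separately, the description is missing a space in "cross-site scripting.`vlSelectionTuples`".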
@@ -5,70 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2025-26490", "ASSIGNER": "productcert@siemens.com", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Opcenter Intelligence (All versions < V2501). Personal access token disclosure vulnerability in Tableau Server. For details go to help.salesforce.com and search for knowledge article id 000390611." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-532: Insertion of Sensitive Information into Log File", - "cweId": "CWE-532" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Siemens", - "product": { - "product_data": [ - { - "product_name": "Opcenter Intelligence", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "0", - "version_value": "V2501" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://cert-portal.siemens.com/productcert/html/ssa-246355.html", - "refsource": "MISC", - "name": "https://cert-portal.siemens.com/productcert/html/ssa-246355.html" - } - ] - }, - "impact": { - "cvss": [ - { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "baseScore": 4.9, - "baseSeverity": "MEDIUM" + "value": "** REJECT ** This CVE ID is a duplicate of CVE-2025-26495." } ] } diff --git a/2025/26xxx/CVE-2025-26491.json b/2025/26xxx/CVE-2025-26491.json index e08dff34068..2df16e148c1 100644 --- a/2025/26xxx/CVE-2025-26491.json +++ b/2025/26xxx/CVE-2025-26491.json 
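Review bot: After this hunk the only pointer to the surviving record is the free-text sentence `** REJECT ** This CVE ID is a duplicate of CVE-2025-26495.`, because the Siemens advisory reference, affected-product data, CWE and CVSS vector are all deleted along with the state change. Tools that drop `REJECT` records, or that do not parse the description, will lose the finding instead of re-keying it; retaining the `references` entry for `https://cert-portal.siemens.com/productcert/html/ssa-246355.html` would keep a structured trail. CVE-2025-26495 and CVE-2025-26494 are not touched by this patch, so it cannot be confirmed from here that they carry the removed data. The same applies to the CVE-2025-26491 hunk that follows.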
@@ -5,70 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2025-26491",
 "ASSIGNER": "productcert@siemens.com",
- "STATE": "PUBLIC"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Opcenter Intelligence (All versions < V2501). Server-side request forgery (SSRF) vulnerability in Tableau Server. For details go to help.salesforce.com and search for knowledge article id 001534936."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-918: Server-Side Request Forgery (SSRF)",
- "cweId": "CWE-918"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Siemens",
- "product": {
- "product_data": [
- {
- "product_name": "Opcenter Intelligence",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "0",
- "version_value": "V2501"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://cert-portal.siemens.com/productcert/html/ssa-246355.html",
- "refsource": "MISC",
- "name": "https://cert-portal.siemens.com/productcert/html/ssa-246355.html"
- }
- ]
- },
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
- "baseScore": 7.7,
- "baseSeverity": "HIGH"
+ "value": "** REJECT ** This CVE ID is a duplicate of CVE-2025-26494."
 }
 ]
 }
diff --git a/2025/26xxx/CVE-2025-26797.json b/2025/26xxx/CVE-2025-26797.json
new file mode 100644
index 00000000000..a7c651e53fa
--- /dev/null
+++ b/2025/26xxx/CVE-2025-26797.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-26797",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/26xxx/CVE-2025-26798.json b/2025/26xxx/CVE-2025-26798.json
new file mode 100644
index 00000000000..1a279998fbd
--- /dev/null
+++ b/2025/26xxx/CVE-2025-26798.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-26798",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/26xxx/CVE-2025-26799.json b/2025/26xxx/CVE-2025-26799.json
new file mode 100644
index 00000000000..ecacd0b2d04
--- /dev/null
+++ b/2025/26xxx/CVE-2025-26799.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-26799",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/26xxx/CVE-2025-26800.json b/2025/26xxx/CVE-2025-26800.json
new file mode 100644
index 00000000000..b7ae9752a42
--- /dev/null
+++ b/2025/26xxx/CVE-2025-26800.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-26800",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/26xxx/CVE-2025-26801.json b/2025/26xxx/CVE-2025-26801.json
new file mode 100644
index 00000000000..1b4b789b8ce
--- /dev/null
+++ b/2025/26xxx/CVE-2025-26801.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-26801",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/26xxx/CVE-2025-26802.json b/2025/26xxx/CVE-2025-26802.json
new file mode 100644
index 00000000000..d34c13383b3
--- /dev/null
+++ b/2025/26xxx/CVE-2025-26802.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-26802",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file