
Commit 1110e7b

1 parent 9a631d8 commit 1110e7b

4 files changed: +18 -8 lines


advisories/github-reviewed/2025/03/GHSA-j95m-rcjp-q69h/GHSA-j95m-rcjp-q69h.json

Lines changed: 4 additions & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -1,9 +1,11 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-j95m-rcjp-q69h",
4-
"modified": "2025-03-28T14:45:59Z",
4+
"modified": "2025-11-05T20:55:27Z",
55
"published": "2025-03-28T14:45:59Z",
6-
"aliases": [],
6+
"aliases": [
7+
"CVE-2025-64346"
8+
],
79
"summary": "github.com/jaredallard/archives Has Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
810
"details": "### Impact\n\nA malicious user could feed a specially crafted archive to this library causing RCE, modification of files or other bad things in the context of whatever user is running this library as, through the program that imports it.\n\nThe severity highly depends on the user's permissions and environment it is being ran in (e.g., non root, read only root container would likely have no impact vs running something as root on a production system).\n\nThe severity is also dependent on **arbitrary archives** being passed or not.\n\nBased on the above, severity high was picked to be safe.\n\n### Patches\n\nPatched with the help of snyk and gosec in v1.0.1\n\n### Workarounds\n\nThe only workaround is to manually validate archives before submitting them to this library, however that is not recommended vs upgrading to unaffected versions.\n\n### References\n\nhttps://security.snyk.io/research/zip-slip-vulnerability",
911
"severity": [

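Review bot: The alias added at lines 6-8 (CVE-2025-64346) and the modified timestamp bump to 2025-11-05T20:55:27Z are consistent with each other, but the references array and nvd_published_at fall outside this hunk, and the GHSA-g582-8vwr-68h2 record in this same commit gains both an NVD ADVISORY reference and an nvd_published_at value when its CVE is wired up; check whether this record should be brought in line with that pattern once the NVD entry for CVE-2025-64346 is available, rather than carrying only the alias.
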
advisories/github-reviewed/2025/11/GHSA-cpf4-pmr4-w6cx/GHSA-cpf4-pmr4-w6cx.json

Lines changed: 4 additions & 2 deletions
@@ -1,9 +1,11 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-cpf4-pmr4-w6cx",
4-
"modified": "2025-11-05T19:52:01Z",
4+
"modified": "2025-11-05T20:55:44Z",
55
"published": "2025-11-05T19:52:01Z",
6-
"aliases": [],
6+
"aliases": [
7+
"CVE-2025-64431"
8+
],
79
"summary": "IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering",
810
"details": "### Summary\n\nZITADEL's Organization V2Beta API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users with specific **administrator** roles within one organization to access and modify data belonging to **other** organizations.\n\n### Impact\n\nZITADEL's Organization V2Beta API, intended for managing ZITADEL organizations, contains multiple endpoints that fail to properly authorize authenticated users. An attacker with an administrator role for a specific organization could exploit this to bypass access controls and perform unauthorized actions on other organizations within the same ZITADEL instance.\n\nThis could allow an attacker to:\n\n- **Read** organization data, including the name, domains and metadata.\n- **Manipulate** (modify) the corresponding organization data.\n- **Delete** the corresponding data, up to and including the entire organization.\n\nNote that this vulnerability is limited to organization-level data (name, domains, metadata). **No other related data (such as users, projects, applications, etc.) is affected.**\n\n### Affected Versions\n\nSystems running one of the following versions are affected:\n- **v4.x**: `4.0.0-rc.1` through `4.6.2`\n\n### Patches\n\nThe vulnerability has been addressed in the latest release. The patch resolves the issue by correctly validating the caller's permission against the target organization.\n\n- v4.x: Upgrade to version [4.6.3](https://github.com/zitadel/zitadel/releases/tag/v4.6.3) or later.\n\n### Workarounds\n\nUpgrading to a patched version is the recommended solution.\n\nIf an immediate upgrade is not possible, mitigation can be achieved by disabling the affected Organization V2Beta API endpoints (e.g., /v2beta/organizations/...) at a reverse proxy or Web Application Firewall (WAF) level.\n\n### Questions\n\nIf you have any questions or comments about this advisory, please email us at [[email protected]](mailto:[email protected])",
911
"severity": [

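Review bot: While this record is being touched for the alias at lines 6-8 (CVE-2025-64431), the summary on line 7/9 reads "Cross-Tenant Data Tempering", which should presumably be "Tampering"; it is unchanged context here, but it is the field that surfaces in search results and listings, so it is worth fixing in the same pass. As with GHSA-j95m-rcjp-q69h in this commit, the references array is not shown, so confirm whether an NVD ADVISORY entry for the new CVE belongs there, as was added for GHSA-g582-8vwr-68h2.
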
advisories/github-reviewed/2025/11/GHSA-g582-8vwr-68h2/GHSA-g582-8vwr-68h2.json

Lines changed: 6 additions & 2 deletions
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-g582-8vwr-68h2",
4-
"modified": "2025-11-03T20:13:26Z",
4+
"modified": "2025-11-05T20:55:17Z",
55
"published": "2025-11-03T20:13:26Z",
66
"aliases": [
77
"CVE-2025-62520"
@@ -40,6 +40,10 @@
4040
"type": "WEB",
4141
"url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-g582-8vwr-68h2"
4242
},
43+
{
44+
"type": "ADVISORY",
45+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62520"
46+
},
4347
{
4448
"type": "WEB",
4549
"url": "https://github.com/mantisbt/mantisbt/commit/4fe94f45fa2baea2aeb4b65781d2009e7b4a0bf3"
@@ -60,6 +64,6 @@
6064
"severity": "MODERATE",
6165
"github_reviewed": true,
6266
"github_reviewed_at": "2025-11-03T20:13:26Z",
63-
"nvd_published_at": null
67+
"nvd_published_at": "2025-11-04T22:16:38Z"
6468
}
6569
}
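Review bot: The nvd_published_at value at line 67 (2025-11-04T22:16:38Z) sits between github_reviewed_at (2025-11-03T20:13:26Z) and the new modified value from the first hunk (2025-11-05T20:55:17Z), so the timestamps are mutually consistent, and the ADVISORY reference inserted at lines 43-46 of the previous hunk points at CVE-2025-62520, matching the alias on line 7. One thing to confirm is placement of that reference: it was inserted between the GHSA WEB entry and the commit WEB entry rather than at the head of the list, so check that this matches the ordering other records in the database use for ADVISORY references.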

advisories/github-reviewed/2025/11/GHSA-x4qj-2f4q-r4rx/GHSA-x4qj-2f4q-r4rx.json

Lines changed: 4 additions & 2 deletions
@@ -1,9 +1,11 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-x4qj-2f4q-r4rx",
4-
"modified": "2025-11-05T19:52:27Z",
4+
"modified": "2025-11-05T20:55:36Z",
55
"published": "2025-11-05T19:52:27Z",
6-
"aliases": [],
6+
"aliases": [
7+
"CVE-2025-64430"
8+
],
79
"summary": "Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format",
810
"details": "### Impact\n\nA Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a `Parse.File` with `uri` parameter allows to execute an arbitrary URI. The vulnerability stems from a file upload feature in which Parse Server retrieves the file data from a URI that is provided in the request. A request to the provided URI is executed, but the response is not stored in Parse Server's file storage as the server crashes upon receiving the response.\n\n### Patches\n\nThe feature has been implemented in Parse Server 4.2.0 but never worked and reliably crashes the server when trying to use it due to a bug in its implementation. Since the feature is not currently working, and due to its risky nature, it has been removed to address the vulnerability.\n\n### Workarounds\n\nNone.",
911
"severity": [

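Review bot: Alias CVE-2025-64430 at lines 6-8 and the modified bump to 2025-11-05T20:55:36Z are consistent, but this is the third alias-only record in the commit whose references array and nvd_published_at are outside the hunk; verify those fields are updated when the NVD entry exists, as was done for GHSA-g582-8vwr-68h2 here, so that consumers resolving by CVE get the NVD link for all four advisories.
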