Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 3291ecac0b14 · 2025-12-09T17:25:22.000Z
GHSA-5j8p-438x-rgg5 GHSA-6w82-v552-wjw2 GHSA-93fv-4pm9-xp28
diff --git a/advisories/github-reviewed/2025/12/GHSA-5j8p-438x-rgg5/GHSA-5j8p-438x-rgg5.json b/advisories/github-reviewed/2025/12/GHSA-5j8p-438x-rgg5/GHSA-5j8p-438x-rgg5.json
@@ -0,0 +1,109 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5j8p-438x-rgg5",
+  "modified": "2025-12-09T17:24:09Z",
+  "published": "2025-12-09T17:24:09Z",
+  "aliases": [],
+  "summary": " SAML PHP Toolkit Vulnerability on xmlseclibs CVE-2025-66475 ",
+  "details": "**Summary**\n\nThere is a critical vulnerability on xmlseclibs [CVE-2025-66475](https://github.com/robrichards/xmlseclibs/security/advisories/GHSA-c4cc-x928-vjw9), a dependency of php-saml\n\nUpdate to the following versions of php-saml which forces the use of patched versions of xmlseclibs:\n- [2.21.1](https://github.com/SAML-Toolkits/php-saml/releases/tag/2.21.1)\n- [3.8.1](https://github.com/SAML-Toolkits/php-saml/releases/tag/3.8.1)\n- [4.3.1](https://github.com/SAML-Toolkits/php-saml/releases/tag/4.3.1)\n\n\n**Impact**\n\nSignature Wrapping Vulnerabilities allows an attacker to impersonate a user.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "onelogin/php-saml"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.21.1"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "onelogin/php-saml"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "3.0.0"
+            },
+            {
+              "fixed": "3.8.1"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "onelogin/php-saml"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "4.0.0"
+            },
+            {
+              "fixed": "4.3.1"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/SAML-Toolkits/php-saml/security/advisories/GHSA-5j8p-438x-rgg5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/robrichards/xmlseclibs/security/advisories/GHSA-c4cc-x928-vjw9"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/SAML-Toolkits/php-saml"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/SAML-Toolkits/php-saml/releases/tag/2.21.1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/SAML-Toolkits/php-saml/releases/tag/3.8.1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/SAML-Toolkits/php-saml/releases/tag/4.3.1"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1395"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-12-09T17:24:09Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2025/12/GHSA-6w82-v552-wjw2/GHSA-6w82-v552-wjw2.json b/advisories/github-reviewed/2025/12/GHSA-6w82-v552-wjw2/GHSA-6w82-v552-wjw2.json
@@ -0,0 +1,116 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6w82-v552-wjw2",
+  "modified": "2025-12-09T17:24:21Z",
+  "published": "2025-12-09T17:24:21Z",
+  "aliases": [],
+  "summary": "Shopware Storefront Reflected XSS in Storefront Login Page",
+  "details": "### Impact\n\nBy exploiting the XSS vulnerabilities, malicious actors can perform harmful actions in the user's web browser in the session context of the affected user. Some examples of this include, but are not limited to: Obtaining user session tokens. Performing administrative actions (when an administrative user is affected). These vulnerabilities pose a high security risk. Since a sensitive cookie is not configured with the HttpOnly attribute and administrator JWTs are stored in sessionStorage, any successful XSS attack could enable the theft of session cookies and administrative tokens.\n\n### Description\n\nA request parameter from the URL of the login page is directly rendered within the Twig template of the Storefront login page without further processing or input validation. This allows direct code injection into the template via the URL parameter. An attacker can create malicious links that could be used in a phishing attack. The parameter `waitTime` lacks proper input validation.\n\nThe attack can be tested with the following URL pattern:\n\n```\n/account/login?loginError=1&waitTime=<a%20href%3D\"https%3A%2F%2Fde.wikipedia.org%2Fwiki%2FPhishing\">Here<%2Fa>\n```\n\nThe same applies to the `errorSnippet` parameter:\n\n```\n/account/login?loginError=1&errorSnippet=Reset%20your%20password%20%3Ca%20href%3D%22https%3A%2F%2Fde.wikipedia.org%2Fwiki%2FPhishing%22%3Ehere%3C%2Fa%3E.\n```",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "shopware/shopware"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "6.4.6.0"
+            },
+            {
+              "fixed": "6.6.10.10"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "shopware/storefront"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "6.4.6.0"
+            },
+            {
+              "fixed": "6.6.10.10"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "shopware/shopware"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "6.7.0.0"
+            },
+            {
+              "fixed": "6.7.5.1"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "shopware/storefront"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "6.7.0.0"
+            },
+            {
+              "fixed": "6.7.5.1"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/shopware/shopware/security/advisories/GHSA-6w82-v552-wjw2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/shopware/shopware/commit/c9242c02c84595d9fa3e2adf6a264bc90a657b58"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/shopware/shopware"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-12-09T17:24:21Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2025/12/GHSA-93fv-4pm9-xp28/GHSA-93fv-4pm9-xp28.json b/advisories/github-reviewed/2025/12/GHSA-93fv-4pm9-xp28/GHSA-93fv-4pm9-xp28.json
@@ -0,0 +1,59 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-93fv-4pm9-xp28",
+  "modified": "2025-12-09T17:23:54Z",
+  "published": "2025-12-09T17:23:54Z",
+  "aliases": [],
+  "summary": "JDA (Java Discord API) downloads external URLs when updating message components",
+  "details": "### Impact\n\nAnyone using untrusted message components may be affected. On versions >=6.0.0,<6.1.3 of JDA, the requester will attempt to download external media URLs from components if they are used in an update or send request.\n\nIf you are used `Message#getComponents` or similar to get a list of components and then send those components with `sendMessageComponents` or other methods, you might unintentionally download media from an external URL in the resolved media of a `Thumbnail`, `FileDisplay`, or `MediaGallery`.\n\n### Patches\n\nThis bug has been fixed in 6.1.3, and we recommend updating.\n\n### Workarounds\n\nAvoid sending components from untrusted messages or update to version 6.1.3.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "net.dv8tion:JDA"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "6.0.0"
+            },
+            {
+              "fixed": "6.1.3"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/discord-jda/JDA/security/advisories/GHSA-93fv-4pm9-xp28"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/discord-jda/JDA/commit/bb6d2ce5cf514429327c257f5c6fa95a137e3ab6"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/discord-jda/JDA"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-12-09T17:23:54Z",
+    "nvd_published_at": null
+  }
+}
