Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 6f85e5b1f8d6 · 2025-12-18T01:01:15.000Z
GHSA-fw33-qpx7-rhx2 GHSA-mq8m-42gh-wq7r
diff --git a/advisories/github-reviewed/2025/12/GHSA-fw33-qpx7-rhx2/GHSA-fw33-qpx7-rhx2.json b/advisories/github-reviewed/2025/12/GHSA-fw33-qpx7-rhx2/GHSA-fw33-qpx7-rhx2.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fw33-qpx7-rhx2",
-  "modified": "2025-12-12T15:59:13Z",
+  "modified": "2025-12-18T00:59:38Z",
   "published": "2025-12-11T16:48:48Z",
   "aliases": [
     "CVE-2025-67508"
   ],
   "summary": "gardenctl is vulnerable to Command Injection when used with non‑POSIX shells",
-  "details": "A security vulnerability was discovered for [gardenctl](https://github.com/gardener/gardenctl-v2) when it is used with non‑POSIX shells such as **[Fish](https://fishshell.com/)** and **[PowerShell](https://learn.microsoft.com/en-us/powershell/)**. Such setup could allow an attacker with administrative privileges for a Gardener project to craft malicious credential values in infrastructure Secret objects that break out of the intended string context when evaluated in Fish or PowerShell environments used by the Gardener service operators, leading to arbitrary command execution on the operator's device.\n\n**Am I vulnerable?**\nThis CVE affects all Gardener operators who use  **gardenctl < v2.12.0** with non‑POSIX shells such as **[Fish](https://fishshell.com/)** and **[PowerShell](https://learn.microsoft.com/en-us/powershell/)**.",
+  "details": "A security vulnerability was discovered in [gardenctl](https://github.com/gardener/gardenctl-v2) when it is used with non‑POSIX shells such as **[Fish](https://fishshell.com/)** and **[PowerShell](https://learn.microsoft.com/en-us/powershell/)**. Such setup could allow an attacker with administrative privileges for a Gardener project to craft malicious credential values in infrastructure Secret objects that break out of the intended string context when evaluated in Fish or PowerShell environments used by the Gardener service operators, leading to arbitrary command execution on the operator's device.\n\n**Am I vulnerable?**\nThis CVE affects all Gardener operators who use  **gardenctl < v2.12.0** with non‑POSIX shells such as **[Fish](https://fishshell.com/)** and **[PowerShell](https://learn.microsoft.com/en-us/powershell/)**.",
   "severity": [
     {
       "type": "CVSS_V3",
diff --git a/advisories/github-reviewed/2025/12/GHSA-mq8m-42gh-wq7r/GHSA-mq8m-42gh-wq7r.json b/advisories/github-reviewed/2025/12/GHSA-mq8m-42gh-wq7r/GHSA-mq8m-42gh-wq7r.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mq8m-42gh-wq7r",
-  "modified": "2025-12-11T22:02:18Z",
+  "modified": "2025-12-18T01:00:21Z",
   "published": "2025-12-10T15:31:24Z",
   "aliases": [
     "CVE-2025-8110"
@@ -40,6 +40,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8110"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-mq8m-42gh-wq7r"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/gogs/gogs"
