Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 99847d529829 · 2025-10-29T21:49:52.000Z
GHSA-2hvh-cw5c-8q8q GHSA-3m8r-w7xg-jqvw GHSA-hmvq-8p83-cq52
diff --git a/advisories/github-reviewed/2025/10/GHSA-2hvh-cw5c-8q8q/GHSA-2hvh-cw5c-8q8q.json b/advisories/github-reviewed/2025/10/GHSA-2hvh-cw5c-8q8q/GHSA-2hvh-cw5c-8q8q.json
@@ -0,0 +1,84 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2hvh-cw5c-8q8q",
+  "modified": "2025-10-29T21:49:15Z",
+  "published": "2025-10-29T21:49:14Z",
+  "aliases": [
+    "CVE-2025-64100"
+  ],
+  "summary": "CKAN vulnerable to fixed session IDs",
+  "details": "### Impact\n\nSession ids could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to either set a cookie on the victim's browser or steal the victim's currently valid session. Session identifiers are now regenerated after each login.\n\n### Patches\nThis vulnerability has been fixed in CKAN 2.10.9 and 2.11.4\n\n### References\n[https://en.wikipedia.org/wiki/Session_fixation](https://en.wikipedia.org/wiki/Session_fixation)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "ckan"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2.10.0"
+            },
+            {
+              "fixed": "2.10.9"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "ckan"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2.11.0"
+            },
+            {
+              "fixed": "2.11.4"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/ckan/ckan/security/advisories/GHSA-2hvh-cw5c-8q8q"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64100"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ckan/ckan/commit/c2fe437f88be850a6edf7a32470772428819fab5"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/ckan/ckan"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-384"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-29T21:49:14Z",
+    "nvd_published_at": "2025-10-29T18:15:42Z"
+  }
+}
diff --git a/advisories/github-reviewed/2025/10/GHSA-3m8r-w7xg-jqvw/GHSA-3m8r-w7xg-jqvw.json b/advisories/github-reviewed/2025/10/GHSA-3m8r-w7xg-jqvw/GHSA-3m8r-w7xg-jqvw.json
@@ -0,0 +1,61 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3m8r-w7xg-jqvw",
+  "modified": "2025-10-29T21:48:52Z",
+  "published": "2025-10-29T21:48:52Z",
+  "aliases": [
+    "CVE-2025-64095"
+  ],
+  "summary": "DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite",
+  "details": "### Summary\nThe default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files.\n\n### Description\nAn unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "NuGet",
+        "name": "DNN.PLATFORM"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "10.1.1"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3m8r-w7xg-jqvw"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64095"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/dnnsoftware/Dnn.Platform"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-434"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-29T21:48:52Z",
+    "nvd_published_at": "2025-10-28T22:15:38Z"
+  }
+}
diff --git a/advisories/github-reviewed/2025/10/GHSA-hmvq-8p83-cq52/GHSA-hmvq-8p83-cq52.json b/advisories/github-reviewed/2025/10/GHSA-hmvq-8p83-cq52/GHSA-hmvq-8p83-cq52.json
@@ -0,0 +1,61 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hmvq-8p83-cq52",
+  "modified": "2025-10-29T21:47:49Z",
+  "published": "2025-10-29T21:47:49Z",
+  "aliases": [
+    "CVE-2025-64094"
+  ],
+  "summary": "DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload",
+  "details": "### Summary\nSanitization of the content of uploaded SVG files was not covering all possible XSS scenarios.\n\n### Details\nDNN validates the contents of SVG's to ensure they are valid and do not contain any malicious code. These checks were introduced as part of `CVE-2025-48378`.\n\nHowever, the checks to ensure there are no script elements within the SVG files are not comprehensive and may allow some malicious SVG files to be uploaded.\n\nAs this vulnerability allows for the execution of arbitrary JavaScript code within the context of the user's browser, it can lead to a range of attacks, including data exfiltration, session hijacking, and defacement of the web application to name a few.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "NuGet",
+        "name": "DotNetNuke.Core"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "10.1.1"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64094"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/dnnsoftware/Dnn.Platform"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-29T21:47:49Z",
+    "nvd_published_at": "2025-10-28T22:15:38Z"
+  }
+}
