
Commit 9c23462

1 parent b563e35 commit 9c23462


2 files changed

+4
-4
lines changed


advisories/github-reviewed/2025/08/GHSA-q6gg-9f92-r9wg/GHSA-q6gg-9f92-r9wg.json

Lines changed: 2 additions & 2 deletions
@@ -1,13 +1,13 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-q6gg-9f92-r9wg",
4-
"modified": "2025-08-04T15:28:05Z",
4+
"modified": "2025-11-27T09:02:51Z",
55
"published": "2025-08-01T18:08:15Z",
66
"aliases": [
77
"CVE-2025-54386"
88
],
99
"summary": "Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution",
10-
"details": "### Summary\nA path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with `../` sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service.\n **✅ After investigation, it is confirmed that no plugins on the [Catalog](https://plugins.traefik.io/plugins) were affected. There is no known impact.**\n\n### Details\nThe vulnerability resides in the WASM plugin extraction logic, specifically in the `unzipFile` function (`/plugins/client.go`). The application constructs file paths during ZIP extraction using `filepath.Join(destDir, f.Name)` without validating or sanitizing `f.Name`. If the ZIP archive contains entries with `../`, the resulting path can escape the intended directory, allowing writes to arbitrary locations on the host filesystem.\n\n### Attack Requirements\nThere are several requirements needed to make this attack possible:\n- The Traefik server should be deployed with [plugins enabled](https://doc.traefik.io/traefik/plugins/) with a WASM plugin (yaegi plugins are not impacted).\n- The attacker should have write access to a remote plugin asset loaded by the Traefik server\n- The attacker should craft a malicious version of this plugin\n\n### Warning\nAs clearly stated in the [documentation](https://doc.traefik.io/traefik/plugins/), plugins are experimental in Traefik, and unsafe plugins could damage your infrastructure:\n\n> **Experimental Features**\nPlugins can change the behavior of Traefik in unforeseen ways. Exercise caution when adding new plugins to production Traefik instances.\n\n### Impact\n**This vulnerability did not affect any plugin from the catalog. There is no known impact. 
\nAdditionally, the catalog will also prevent any compromised plugin to be available across all Traefik versions.**\nThis vulnerability could allow an attacker to perform arbitrary file write outside the intended plugin extraction directory by crafting a malicious ZIP archive that includes `../` (directory traversal) in file paths.",
10+
"details": "### Summary\nA path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with `../` sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service.\n **✅ After investigation, it is confirmed that no plugins on the [Catalog](https://plugins.traefik.io/plugins) were affected. There is no known impact.**\n\n### Details\nThe vulnerability resides in the WASM plugin extraction logic, specifically in the `unzipFile` function (`/plugins/client.go`). The application constructs file paths during ZIP extraction using `filepath.Join(destDir, f.Name)` without validating or sanitizing `f.Name`. If the ZIP archive contains entries with `../`, the resulting path can escape the intended directory, allowing writes to arbitrary locations on the host filesystem.\n\n### Attack Requirements\nThere are several requirements needed to make this attack possible:\n- The Traefik server should be deployed with [plugins enabled](https://doc.traefik.io/traefik/plugins/) with a WASM plugin (yaegi plugins are not impacted).\n- The attacker should have write access to a remote plugin asset loaded by the Traefik server\n- The attacker should craft a malicious version of this plugin\n\n### Warning\nAs clearly stated in the [documentation](https://doc.traefik.io/traefik/plugins/), plugins are experimental in Traefik, and unsafe plugins could damage your infrastructure:\n\n> **Experimental Features**\nPlugins can change the behavior of Traefik in unforeseen ways. Exercise caution when adding new plugins to production Traefik instances.\n\n### Impact\n**This vulnerability did not affect any plugin from the catalog. There is no known impact. 
\nAdditionally, the catalog will also prevent any compromised plugin to be available across all Traefik versions.**\nThis vulnerability can allow an attacker to perform arbitrary file write outside the intended plugin extraction directory by crafting a malicious ZIP archive that includes `../` (directory traversal) in file paths.",
1111
"severity": [
1212
{
1313
"type": "CVSS_V4",
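Review bot: In the Impact paragraph of the new line 10, the only wording change is "could allow" to "can allow", which now states the file-write defect in the present tense while the same paragraph still opens with the bolded "There is no known impact"; since this commit already edits the details string, consider making explicit that "no known impact" refers to the catalog plugins and that the arbitrary write still applies to any self-hosted WASM plugin asset an attacker can modify (the Attack Requirements section already says as much). The phrase "prevent any compromised plugin to be available" in the same paragraph should read "from being available" and could be fixed in the same edit. The "modified" timestamp bump on line 4 is consistent with the content change.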

advisories/github-reviewed/2025/09/GHSA-2jjv-qf24-vfm4/GHSA-2jjv-qf24-vfm4.json

Lines changed: 2 additions & 2 deletions
@@ -1,13 +1,13 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-2jjv-qf24-vfm4",
4-
"modified": "2025-09-26T17:49:05Z",
4+
"modified": "2025-11-27T09:05:06Z",
55
"published": "2025-09-24T18:57:44Z",
66
"aliases": [
77
"CVE-2025-59828"
88
],
99
"summary": "Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions",
10-
"details": "### Summary\n\nIn Claude Code versions prior to **1.0.39**, when the tool is used with **Yarn 2.x or newer (Berry)**, Yarn plugins are automatically loaded and executed when running `yarn --version`. In Claude Code this sequence could execute plugin code before the user accepts the directory trust prompt for an untrusted workspace, resulting in a potential arbitrary code execution path. **Yarn Classic (v1)** is not affected. The issue is fixed in **1.0.39**.\n\n### Impact\n\nAn attacker who can influence the project directory to include or reference a malicious Yarn plugin, or who can otherwise cause plugin execution in an untrusted directory, may achieve code execution on the machine where Claude Code is invoked. The vulnerability compromises the confidentiality, integrity and availability of the vulnerable host process.\n\n### Remediation\n\nUpdate Claude Code to **1.0.39** or later. Users on auto-update channels receive the fix automatically; manual installations should upgrade explicitly. As defense in depth, avoid running Yarn in untrusted directories and prefer Yarn Classic when plugin functionality is not required.\n\n### Background\n\nYarn 2+ supports a plugin architecture in which plugins are loaded at runtime and can inject behavior into Yarn commands; this capability underpins the observed auto-execution on `yarn --version`.\n\n---\n\n> Thank you to https://hackerone.com/michel_ for reporting this issue!",
10+
"details": "### Summary\n\nIn Claude Code versions prior to **1.0.39**, when the tool is used with **Yarn 2.x or newer (Berry)**, Yarn plugins are automatically loaded and executed when running `yarn --version`. In Claude Code this sequence could execute plugin code before the user accepts the directory trust prompt for an untrusted workspace, resulting in a potential arbitrary code execution path. \n\n**Yarn Classic (v1)** is not affected. The issue is fixed in **1.0.39**.\n\n### Impact\n\nAn attacker who can influence the project directory to include or reference a malicious Yarn plugin, or who can otherwise cause plugin execution in an untrusted directory, may achieve code execution on the machine where Claude Code is invoked. The vulnerability compromises the confidentiality, integrity and availability of the vulnerable host process.\n\n### Remediation\n\nUpdate Claude Code to **1.0.39** or later. Users on auto-update channels receive the fix automatically; manual installations should upgrade explicitly. As defense in depth, avoid running Yarn in untrusted directories and prefer Yarn Classic when plugin functionality is not required.\n\n### Background\n\nYarn 2+ supports a plugin architecture in which plugins are loaded at runtime and can inject behavior into Yarn commands; this capability underpins the observed auto-execution on `yarn --version`.\n\n---\n\n> Thank you to https://hackerone.com/michel_ for reporting this issue!",
1111
"severity": [
1212
{
1313
"type": "CVSS_V4",
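Review bot: The new line 10 leaves a trailing space before the inserted paragraph break ("...arbitrary code execution path. \n\n**Yarn Classic (v1)**"); trim it so the rendered Markdown does not carry stray whitespace at the end of the paragraph. The paragraph split is the only content change in this hunk, and the "modified" timestamp on line 4 is updated to match, so nothing else needs attention.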
