
Commit bd123cf

1 parent 7ad8754 commit bd123cf


3 files changed

+240
-4
lines changed


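--- a/advisories/unreviewed/2025/11/GHSA-fvfq-q238-j7j3/GHSA-fvfq-q238-j7j3.json
+++ b/advisories/github-reviewed/2025/11/GHSA-fvfq-q238-j7j3/GHSA-fvfq-q238-j7j3.json
@@ -1,24 +1,57 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-fvfq-q238-j7j3",
-"modified": "2025-11-05T18:31:31Z",
+"modified": "2025-11-06T15:12:30Z",
 "published": "2025-11-05T18:31:31Z",
 "aliases": [
 "CVE-2025-10713"
 ],
+"summary": "WSO2 Carbon Mediation vulnerable to XML External Entity (XXE) attacks",
 "details": "An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities.\n\nA successful attack could enable a remote, unauthenticated attacker to read sensitive files from the server's filesystem or perform denial-of-service (DoS) attacks that render affected services unavailable.",
 "severity": [
 {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"
 }
 ],
-"affected": [],
+"affected": [
+{
+"package": {
+"ecosystem": "Maven",
+"name": "org.wso2.carbon.mediation:org.wso2.carbon.localentry"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"database_specific": {
+"last_known_affected_version_range": "< 4.7.259"
+}
+}
+],
 "references": [
 {
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10713"
 },
+{
+"type": "WEB",
+"url": "https://github.com/wso2/carbon-mediation/pull/1784"
+},
+{
+"type": "WEB",
+"url": "https://github.com/wso2/carbon-mediation/commit/b995b2f1db96a4697791f0202cc8713f15640fd5"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/wso2/carbon-mediation"
+},
 {
 "type": "WEB",
 "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4505"
@@ -29,8 +62,8 @@
 "CWE-611"
 ],
 "severity": "MODERATE",
-"github_reviewed": false,
-"github_reviewed_at": null,
+"github_reviewed": true,
+"github_reviewed_at": "2025-11-06T15:12:30Z",
 "nvd_published_at": "2025-11-05T18:15:32Z"
 }
 }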
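Review bot: The new `affected` entry for `org.wso2.carbon.mediation:org.wso2.carbon.localentry` (new lines 17–37) has a single `"introduced": "0"` event and no `fixed` event, so every released version of the artifact, including any patched one, is matched as vulnerable; the `database_specific.last_known_affected_version_range: "< 4.7.259"` beside it only hints at the boundary, since generic OSV consumers treat `database_specific` as opaque. If the referenced WSO2 advisory or the linked pull request confirms 4.7.259 as the first fixed release, add `{ "fixed": "4.7.259" }` to the `events` array so scanners stop flagging fixed builds. The `details` text also states the flaw exists in "multiple WSO2 products" while only this one Maven artifact is listed, so it is worth checking WSO2-2025-4505 for other published artifacts that need their own entries.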
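--- /dev/null
+++ b/[path not shown on page: advisory GHSA-pwhc-rpq9-4c8w]
@@ -0,0 +1,118 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-pwhc-rpq9-4c8w",
+"modified": "2025-11-06T15:12:08Z",
+"published": "2025-11-06T15:12:08Z",
+"aliases": [
+"CVE-2024-25621"
+],
+"summary": "containerd affected by a local privilege escalation via wide permissions on CRI directory",
+"details": "### Impact\n\nAn overly broad default permission vulnerability was found in containerd.\n\n- `/var/lib/containerd` was created with the permission bits 0o711, while it should be created with 0o700\n - Allowed local users on the host to potentially access the metadata store and the content store\n- `/run/containerd/io.containerd.grpc.v1.cri` was created with 0o755, while it should be created with 0o700\n - Allowed local users on the host to potentially access the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.\n- `/run/containerd/io.containerd.sandbox.controller.v1.shim` was created with 0o711, while it should be created with 0o700\n\nThe directory paths may differ depending on the daemon configuration.\nWhen the `temp` directory path is specified in the daemon configuration, that directory was also created with 0o711, while it should be created with 0o700.\n\n### Patches\n\nThis bug has been fixed in the following containerd versions:\n\n* 2.2.0\n* 2.1.5\n* 2.0.7\n* 1.7.29\n\nUsers should update to these versions to resolve the issue.\nThese updates automatically change the permissions of the existing directories.\n\n> [!NOTE]\n>\n> `/run/containerd` and `/run/containerd/io.containerd.runtime.v2.task` are still created with 0o711.\n> This is an expected behavior for supporting userns-remapped containers.\n\n### Workarounds\n\nThe system administrator on the host can manually chmod the directories to not \nhave group or world accessible permisisons:\n\n```\nchmod 700 /var/lib/containerd\nchmod 700 /run/containerd/io.containerd.grpc.v1.cri\nchmod 700 /run/containerd/io.containerd.sandbox.controller.v1.shim\n```\n\nAn alternative mitigation would be to run containerd in [rootless mode](https://github.com/containerd/containerd/blob/main/docs/rootless.md).\n\n### Credits\n\nThe containerd project would like to thank David Leadbeater for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [[email protected]](mailto:[email protected])\n\nTo report a security issue in containerd:\n\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "Go",
+"name": "github.com/containerd/containerd"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "1.7.29"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Go",
+"name": "github.com/containerd/containerd/v2"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "2.0.7"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Go",
+"name": "github.com/containerd/containerd/v2"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "2.1.0-beta.0"
+},
+{
+"fixed": "2.1.5"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Go",
+"name": "github.com/containerd/containerd/v2"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "2.2.0-beta.0"
+},
+{
+"fixed": "2.2.0"
+}
+]
+}
+]
+}
+],
+"references": [
+{
+"type": "WEB",
+"url": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w"
+},
+{
+"type": "WEB",
+"url": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/containerd/containerd"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-279"
+],
+"severity": "HIGH",
+"github_reviewed": true,
+"github_reviewed_at": "2025-11-06T15:12:08Z",
+"nvd_published_at": null
+}
+}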
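Review bot: The `details` string on new line 10 misspells "permisisons" in the Workarounds paragraph; this text is rendered verbatim on the advisory page, so the sentence should read `have group or world accessible permissions:`. Separately, the `cwe_ids` entry `CWE-279` (Incorrect Execution-Assigned Permissions) may be worth checking against `CWE-276` (Incorrect Default Permissions), since the details describe the issue as "an overly broad default permission vulnerability"; either mapping can be argued for directories created at daemon start-up, so confirm it against the upstream advisory rather than changing it blindly. The `affected` ranges do line up with the four fixed versions listed in the Patches section, so no change is needed there.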
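--- /dev/null
+++ b/[path not shown on page: advisory GHSA-w832-gg5g-x44m]
@@ -0,0 +1,85 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-w832-gg5g-x44m",
+"modified": "2025-11-06T15:13:34Z",
+"published": "2025-11-06T15:13:33Z",
+"aliases": [],
+"summary": "Open redirect endpoint in Datasette",
+"details": "### Impact\n\nDeployed instances of Datasette prior to `0.65.2` and `1.0a21` include an open redirect vulnerability.\n\nHits to the path `//example.com/foo/bar/` (the trailing slash is required) will redirect the user to `https://example.com/foo/bar`.\n\n### Patches\n\nThis problem has been patched in both Datasette `0.65.2` and `1.0a21`.\n\n### Workarounds\n\nIf Datasette is running behind a proxy that proxy could be configured to replace `//` with `/` in incoming request URLs.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "PyPI",
+"name": "datasette"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.65.2"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "PyPI",
+"name": "datasette"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "1.0a0"
+},
+{
+"fixed": "1.0a21"
+}
+]
+}
+],
+"database_specific": {
+"last_known_affected_version_range": "< 1.0a20"
+}
+}
+],
+"references": [
+{
+"type": "WEB",
+"url": "https://github.com/simonw/datasette/security/advisories/GHSA-w832-gg5g-x44m"
+},
+{
+"type": "WEB",
+"url": "https://github.com/simonw/datasette/issues/2429"
+},
+{
+"type": "WEB",
+"url": "https://github.com/simonw/datasette/commit/f257ca6edb64848c3b04b54d41e347c54fe57c05"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/simonw/datasette"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-601"
+],
+"severity": "LOW",
+"github_reviewed": true,
+"github_reviewed_at": "2025-11-06T15:13:33Z",
+"nvd_published_at": null
+}
+}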
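Review bot: The CVSS vector on new line 12, `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N`, sets all three impact metrics to None, which evaluates to a base score of 0.0 (severity None), yet `database_specific.severity` on new line 80 is `"LOW"`; tooling that recomputes severity from the vector will therefore disagree with the label this file carries. An open redirect is typically modelled with a low integrity impact and required user interaction (for example `UI:R` together with `I:L`), so either the vector should carry the impact the LOW rating implies or the rating should be brought in line with the vector. The second `affected` entry also pairs `"fixed": "1.0a21"` with `"last_known_affected_version_range": "< 1.0a20"`; that hint is normally present only when no fix boundary is known, and here it leaves the status of 1.0a20 ambiguous, so consider dropping it or confirming the bound against the upstream advisory.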
