Commit c64f048

1 parent 58f6152 commit c64f048

3 files changed

+123
-42
lines changed

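--- a/advisories/unreviewed/2025/06/GHSA-8v8h-4pjx-rg73/GHSA-8v8h-4pjx-rg73.json
+++ b/advisories/github-reviewed/2025/06/GHSA-8v8h-4pjx-rg73/GHSA-8v8h-4pjx-rg73.json
@@ -1,11 +1,12 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-8v8h-4pjx-rg73",
-"modified": "2025-06-29T09:30:23Z",
+"modified": "2025-11-03T20:26:58Z",
 "published": "2025-06-29T09:30:23Z",
 "aliases": [
 "CVE-2025-6854"
 ],
+"summary": "Langchain-Chatchat vulnerable to path traversal",
 "details": "A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
 "severity": [
 {
@@ -14,10 +15,30 @@
 },
 {
 "type": "CVSS_V4",
-"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "PyPI",
+"name": "langchain-chatchat"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"last_affected": "0.3.1"
+}
+]
+}
+]
 }
 ],
-"affected": [],
 "references": [
 {
 "type": "ADVISORY",
@@ -27,6 +48,10 @@
 "type": "WEB",
 "url": "https://github.com/chatchat-space/Langchain-Chatchat/issues/5353"
 },
+{
+"type": "PACKAGE",
+"url": "https://github.com/chatchat-space/Langchain-Chatchat"
+},
 {
 "type": "WEB",
 "url": "https://vuldb.com/?ctiid.314326"
@@ -44,9 +69,9 @@
 "cwe_ids": [
 "CWE-22"
 ],
-"severity": "MODERATE",
-"github_reviewed": false,
-"github_reviewed_at": null,
+"severity": "LOW",
+"github_reviewed": true,
+"github_reviewed_at": "2025-11-03T20:26:58Z",
 "nvd_published_at": "2025-06-29T09:15:24Z"
 }
 }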
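Review bot: The new `affected` range closes with `"last_affected": "0.3.1"` rather than a `fixed` event, so tooling that evaluates the range will likely treat any release after 0.3.1 as unaffected, yet none of the references visible in these hunks points to a fix (the `references` array continues outside the hunks, so one may exist). If a patched release is known, the event should read `"fixed": "<first patched version>"` with the fixing commit added as a reference; if not, `details` should say that no fixed version is known so that consumers do not read the upper bound as a remediation. Separately, `database_specific.severity` moves from MODERATE to LOW while the CVSS v4 base metrics stay the same; this presumably follows from scoring with `E:P`, but the first `severity` entry sits between hunks and cannot be cross-checked from here.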
Lines changed: 92 additions & 0 deletions
@@ -0,0 +1,92 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6533-fhr2-f38h",
4+
"modified": "2025-11-03T20:26:10Z",
5+
"published": "2025-11-01T00:30:27Z",
6+
"aliases": [
7+
"CVE-2025-62276"
8+
],
9+
"summary": "Liferay Portal and DXP use an incorrect cache-control header",
10+
"details": "The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control header, which allows local users to obtain access to downloaded files via the browser's cache.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V4",
14+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Maven",
21+
"name": "com.liferay:com.liferay.adaptive.media.web"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "5.0.52"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "Maven",
40+
"name": "com.liferay.portal:com.liferay.portal.impl"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "0"
48+
},
49+
{
50+
"fixed": "69.1.0"
51+
}
52+
]
53+
}
54+
]
55+
}
56+
],
57+
"references": [
58+
{
59+
"type": "ADVISORY",
60+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62276"
61+
},
62+
{
63+
"type": "WEB",
64+
"url": "https://github.com/liferay/liferay-portal/commit/36c080fc4522e46d69b5c3b4b9eb6aca5ff52699"
65+
},
66+
{
67+
"type": "WEB",
68+
"url": "https://github.com/liferay/liferay-portal/commit/9781b594cffcd23583a1a0f93746fd20e3eb55bd"
69+
},
70+
{
71+
"type": "PACKAGE",
72+
"url": "https://github.com/liferay/liferay-portal"
73+
},
74+
{
75+
"type": "WEB",
76+
"url": "https://liferay.atlassian.net/browse/LPE-17701"
77+
},
78+
{
79+
"type": "WEB",
80+
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62276"
81+
}
82+
],
83+
"database_specific": {
84+
"cwe_ids": [
85+
"CWE-525"
86+
],
87+
"severity": "MODERATE",
88+
"github_reviewed": true,
89+
"github_reviewed_at": "2025-11-03T20:26:09Z",
90+
"nvd_published_at": "2025-11-01T00:15:33Z"
91+
}
92+
}
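Review bot: The vector on the `score` line carries `VI:L`, yet `details` describes only disclosure (local users reading downloaded files from the browser cache), so the integrity component has no support in the record's own text. It is worth confirming the vector against the CNA's published entry before consumers rely on the MODERATE rating associated with it. `details` also names the Document Library module, while the two `affected` packages are `com.liferay:com.liferay.adaptive.media.web` and `com.liferay.portal:com.liferay.portal.impl`; if Document Library code ships in a separate artifact, dependency matching would miss it, though that cannot be determined from this file alone.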

advisories/unreviewed/2025/11/GHSA-6533-fhr2-f38h/GHSA-6533-fhr2-f38h.json

Lines changed: 0 additions & 36 deletions
This file was deleted.
