CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.
CVE-2017-0899 (GCVE-0-2017-0899)
Vulnerability from cvelistv5
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences ()
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:25:16.395Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:0585", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0585" }, { "name": "DSA-3966", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-3966" }, { "name": "RHSA-2018:0378", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0378" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/226335" }, { "name": "1039249", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039249" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491" }, { "name": "RHSA-2017:3485", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3485" }, { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" }, { "name": "RHSA-2018:0583", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0583" }, { "name": "GLSA-201710-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-01" }, { "name": "100576", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100576" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "RubyGems", "vendor": "HackerOne", "versions": [ { "status": "affected", "version": "Versions before 2.6.13" } ] } ], "datePublic": "2017-08-27T00:00:00", "descriptions": [ { "lang": "en", "value": "RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-150", "description": "Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-14T09:57:01", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "name": "RHSA-2018:0585", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0585" }, { "name": "DSA-3966", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-3966" }, { "name": "RHSA-2018:0378", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0378" }, { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/226335" }, { "name": "1039249", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039249" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491" }, { "name": "RHSA-2017:3485", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3485" }, { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" }, { "name": "RHSA-2018:0583", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0583" }, { "name": "GLSA-201710-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-01" }, { "name": "100576", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100576" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "DATE_PUBLIC": "2017-08-27T00:00:00", "ID": "CVE-2017-0899", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "RubyGems", "version": { "version_data": [ { "version_value": "Versions before 2.6.13" } ] } } ] }, "vendor_name": "HackerOne" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150)" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:0585", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0585" }, { "name": "DSA-3966", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-3966" }, { "name": "RHSA-2018:0378", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0378" }, { "name": "https://hackerone.com/reports/226335", "refsource": "MISC", "url": "https://hackerone.com/reports/226335" }, { "name": "1039249", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039249" }, { "name": "https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1", "refsource": "MISC", "url": "https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1" }, { "name": "https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491", "refsource": "MISC", "url": "https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491" }, { "name": "RHSA-2017:3485", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3485" }, { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" }, { "name": "RHSA-2018:0583", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0583" }, { "name": "GLSA-201710-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-01" }, { "name": "100576", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100576" }, { "name": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html", "refsource": "MISC", "url": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2017-0899", "datePublished": "2017-08-31T20:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-17T02:20:54.846Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-25743 (GCVE-0-2021-25743)
Vulnerability from cvelistv5
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
Kubernetes | Kubernetes |
Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified < |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:11:27.596Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kubernetes/kubernetes/issues/101695" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220217-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kubernetes", "vendor": "Kubernetes", "versions": [ { "lessThanOrEqual": "1.23.1", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "unknown", "version": "next of 1.23.1", "versionType": "custom" }, { "lessThanOrEqual": "1.22.5", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "unknown", "version": "next of 1.22.5", "versionType": "custom" }, { "lessThanOrEqual": "1.21.8", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "unknown", "version": "next of 1.21.8", "versionType": "custom" }, { "lessThanOrEqual": "1.20.14", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "unknown", "version": "next of 1.20.14", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Eviatar Gerzi" } ], "datePublic": "2021-05-02T00:00:00", "descriptions": [ { "lang": "en", "value": "kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-150", "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-17T17:06:37", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kubernetes/kubernetes/issues/101695" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220217-0003/" } ], "source": { "defect": [ "https://github.com/kubernetes/kubernetes/issues/101695" ], "discovery": "EXTERNAL" }, "title": "ANSI escape characters in kubectl output are not being filtered", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@kubernetes.io", "DATE_PUBLIC": "2021-05-02T12:06:00.000Z", "ID": "CVE-2021-25743", "STATE": "PUBLIC", "TITLE": "ANSI escape characters in kubectl output are not being filtered" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Kubernetes", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "1.23.1" }, { "version_affected": "?\u003e", "version_value": "1.23.1" }, { "version_affected": "\u003c=", "version_value": "1.22.5" }, { "version_affected": "?\u003e", "version_value": "1.22.5" }, { "version_affected": "\u003c=", "version_value": "1.21.8" }, { "version_affected": "?\u003e", "version_value": "1.21.8" }, { "version_affected": "\u003c=", "version_value": "1.20.14" }, { "version_affected": "?\u003e", "version_value": "1.20.14" } ] } } ] }, "vendor_name": "Kubernetes" } ] } }, "credit": [ { "lang": "eng", "value": "Eviatar Gerzi" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kubernetes/kubernetes/issues/101695", "refsource": "MISC", "url": "https://github.com/kubernetes/kubernetes/issues/101695" }, { "name": "https://security.netapp.com/advisory/ntap-20220217-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220217-0003/" } ] }, "source": { "defect": [ "https://github.com/kubernetes/kubernetes/issues/101695" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2021-25743", "datePublished": "2022-01-07T00:00:12.399751Z", "dateReserved": "2021-01-21T00:00:00", "dateUpdated": "2024-09-16T23:51:24.348Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-30123 (GCVE-0-2022-30123)
Vulnerability from cvelistv5
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences ()
► | URL | Tags |
---|---|---|
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | https://github.com/rack/rack |
Version: 2.0.9.1, 2.1.4.1, 2.2.3.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:40:47.582Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728" }, { "name": "DSA-5530", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5530" }, { "name": "GLSA-202310-18", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-18" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231208-0011/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/rack/rack", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.0.9.1, 2.1.4.1, 2.2.3.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-150", "description": "Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-08T22:06:15.677017", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728" }, { "name": "DSA-5530", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5530" }, { "name": "GLSA-202310-18", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-18" }, { "url": "https://security.netapp.com/advisory/ntap-20231208-0011/" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-30123", "datePublished": "2022-12-05T00:00:00", "dateReserved": "2022-05-02T00:00:00", "dateUpdated": "2024-08-03T06:40:47.582Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-26055 (GCVE-0-2023-26055)
Vulnerability from cvelistv5
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
xwiki | xwiki-commons |
Version: >= 3.1-milestone-1, < 13.10.9 Version: >= 14.0-rc-1, < 14.4.4 Version: >= 14.5, < 14.7-rc-1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:39:06.565Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-8cw6-4r32-6r3h", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-8cw6-4r32-6r3h" }, { "name": "https://jira.xwiki.org/browse/XCOMMONS-2498", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XCOMMONS-2498" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19793", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19793" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19794", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19794" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-26055", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-05T20:39:11.635057Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-05T20:39:15.118Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-commons", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 3.1-milestone-1, \u003c 13.10.9" }, { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4.4" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.7-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in all other places where short text properties are displayed, e.g., in apps created using Apps Within Minutes that use a short text field. The problem has been patched on versions 13.10.9, 14.4.4, 14.7RC1.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-150", "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-02T18:48:16.053Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-8cw6-4r32-6r3h", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-8cw6-4r32-6r3h" }, { "name": "https://jira.xwiki.org/browse/XCOMMONS-2498", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XCOMMONS-2498" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19793", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19793" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19794", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19794" } ], "source": { "advisory": "GHSA-8cw6-4r32-6r3h", "discovery": "UNKNOWN" }, "title": "XWiki Commons may allow privilege escalation to programming rights via user\u0027s first name" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-26055", "datePublished": "2023-03-02T18:48:16.053Z", "dateReserved": "2023-02-17T22:44:03.151Z", "dateUpdated": "2025-03-05T20:39:15.118Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-28446 (GCVE-0-2023-28446)
Vulnerability from cvelistv5
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
► | URL | Tags |
---|---|---|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:38:25.379Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/denoland/deno/security/advisories/GHSA-vq67-rp93-65qf", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/denoland/deno/security/advisories/GHSA-vq67-rp93-65qf" }, { "name": "https://github.com/denoland/deno/blob/7d13d65468c37022f003bb680dfbddd07ea72173/runtime/js/40_process.js#L175", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/denoland/deno/blob/7d13d65468c37022f003bb680dfbddd07ea72173/runtime/js/40_process.js#L175" }, { "name": "https://github.com/denoland/deno/releases/tag/v1.31.2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/denoland/deno/releases/tag/v1.31.2" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-28446", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-19T20:25:24.688238Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-19T20:25:29.969Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "deno", "vendor": "denoland", "versions": [ { "status": "affected", "version": "\u003e= 1.8.0, \u003c 1.31.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a `op_spawn_child` or `op_kill` prompt and replace it with any desired text. This works with any command on the respective platform, giving the program the full ability to choose what program they wanted to run. This problem can not be exploited on systems that do not attach an interactive prompt (for example headless servers). This issue has been patched in version 1.31.2.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-150", "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-24T19:46:28.641Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/denoland/deno/security/advisories/GHSA-vq67-rp93-65qf", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/denoland/deno/security/advisories/GHSA-vq67-rp93-65qf" }, { "name": "https://github.com/denoland/deno/blob/7d13d65468c37022f003bb680dfbddd07ea72173/runtime/js/40_process.js#L175", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/denoland/deno/blob/7d13d65468c37022f003bb680dfbddd07ea72173/runtime/js/40_process.js#L175" }, { "name": "https://github.com/denoland/deno/releases/tag/v1.31.2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/denoland/deno/releases/tag/v1.31.2" } ], "source": { "advisory": "GHSA-vq67-rp93-65qf", "discovery": "UNKNOWN" }, "title": "Deno is vulnerable to interactive `run` permission prompt spoofing via improper ANSI neutralization" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-28446", "datePublished": "2023-03-24T19:46:28.641Z", "dateReserved": "2023-03-15T15:59:10.057Z", "dateUpdated": "2025-02-19T20:25:29.969Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-30844 (GCVE-0-2023-30844)
Vulnerability from cvelistv5
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
mutagen-io | mutagen |
Version: github.com/mutagen-io/mutagen < 0.16.6 Version: github.com/mutagen-io/mutagen >= 0.17.0, < 0.17.1 Version: github.com/mutagen-io/mutagen-compose < 0.17.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:15.497Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/mutagen-io/mutagen/security/advisories/GHSA-jmp2-wc4p-wfh2", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/mutagen-io/mutagen/security/advisories/GHSA-jmp2-wc4p-wfh2" }, { "name": "https://github.com/mutagen-io/mutagen/releases/tag/v0.16.6", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/mutagen-io/mutagen/releases/tag/v0.16.6" }, { "name": "https://github.com/mutagen-io/mutagen/releases/tag/v0.17.1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/mutagen-io/mutagen/releases/tag/v0.17.1" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30844", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-29T15:23:36.832965Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-29T15:23:41.754Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "mutagen", "vendor": "mutagen-io", "versions": [ { "status": "affected", "version": "github.com/mutagen-io/mutagen \u003c 0.16.6" }, { "status": "affected", "version": "github.com/mutagen-io/mutagen \u003e= 0.17.0, \u003c 0.17.1" }, { "status": "affected", "version": "github.com/mutagen-io/mutagen-compose \u003c 0.17.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in `mutagen` and prior to version 0.17.1 in `mutagen-compose`, Mutagen `list` and `monitor` commands are susceptible to control characters that could be provided by remote endpoints. This could cause terminal corruption, either intentional or unintentional, if these characters were present in error messages or file paths/names. This could be used as an attack vector if synchronizing with an untrusted remote endpoint, synchronizing files not under control of the user, or forwarding to/from an untrusted remote endpoint. On very old systems with terminals susceptible to issues such as CVE-2003-0069, the issue could theoretically cause code execution. The problem has been patched in Mutagen v0.16.6 and v0.17.1. Earlier versions of Mutagen are no longer supported and will not be patched. Versions of Mutagen after v0.18.0 will also have the patch merged. As a workaround, avoiding synchronization of untrusted files or interaction with untrusted remote endpoints should mitigate any risk." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-150", "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-08T17:54:03.685Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/mutagen-io/mutagen/security/advisories/GHSA-jmp2-wc4p-wfh2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/mutagen-io/mutagen/security/advisories/GHSA-jmp2-wc4p-wfh2" }, { "name": "https://github.com/mutagen-io/mutagen/releases/tag/v0.16.6", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/mutagen-io/mutagen/releases/tag/v0.16.6" }, { "name": "https://github.com/mutagen-io/mutagen/releases/tag/v0.17.1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/mutagen-io/mutagen/releases/tag/v0.17.1" } ], "source": { "advisory": "GHSA-jmp2-wc4p-wfh2", "discovery": "UNKNOWN" }, "title": "Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-30844", "datePublished": "2023-05-08T17:54:03.685Z", "dateReserved": "2023-04-18T16:13:15.880Z", "dateUpdated": "2025-01-29T15:23:41.754Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-3265 (GCVE-0-2023-3265)
Vulnerability from cvelistv5
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
Vendor | Product | Version | ||
---|---|---|---|---|
CyberPower | PowerPanel Enterprise |
Version: v2.6.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:48:08.459Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-3265", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-09T14:39:48.699764Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-09T14:40:02.267Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "PowerPanel Enterprise", "vendor": "CyberPower", "versions": [ { "status": "affected", "version": "v2.6.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Philippe Laulheret" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user \"cyberpower\" by appending a non-printable character.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator with hardcoded default credentials." } ], "value": "An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user \"cyberpower\" by appending a non-printable character.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator with hardcoded default credentials." } ], "impacts": [ { "capecId": "CAPEC-115", "descriptions": [ { "lang": "en", "value": "CAPEC-115 Authentication Bypass" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-150", "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-14T04:08:06.402Z", "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix" }, "references": [ { "url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "cveId": "CVE-2023-3265", "datePublished": "2023-08-14T04:08:06.402Z", "dateReserved": "2023-06-15T06:50:34.078Z", "dateUpdated": "2024-10-09T14:40:02.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-39342 (GCVE-0-2023-39342)
Vulnerability from cvelistv5
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
freedomofpress | dangerzone |
Version: < 0.4.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:02:06.832Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/freedomofpress/dangerzone/security/advisories/GHSA-pvwq-6vpp-2632", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/freedomofpress/dangerzone/security/advisories/GHSA-pvwq-6vpp-2632" }, { "name": "https://github.com/freedomofpress/dangerzone/pull/491", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/freedomofpress/dangerzone/pull/491" }, { "name": "https://github.com/freedomofpress/dangerzone/releases/tag/v0.4.2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/freedomofpress/dangerzone/releases/tag/v0.4.2" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-39342", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:05:58.029365Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T15:06:10.772Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "dangerzone", "vendor": "freedomofpress", "versions": [ { "status": "affected", "version": "\u003c 0.4.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. The Dangerzone CLI (`dangerzone-cli` command) logs output from the container where the file sanitization takes place, to the user\u0027s terminal. Prior to version 0.4.2, if the container is compromised and can return attacker-controlled strings, then the attacker may be able to spoof messages in the user\u0027s terminal or change the window title. Besides logging output from containers, it also logs the names of the files it sanitizes. If these files contain ANSI escape sequences, then the same issue applies. Dangerzone is predominantly a GUI application, so this issue should leave most of our users unaffected. Nevertheless, we always suggest updating to the newest version. This issue is fixed in Dangerzone 0.4.2." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-150", "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-08T17:31:10.609Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/freedomofpress/dangerzone/security/advisories/GHSA-pvwq-6vpp-2632", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/freedomofpress/dangerzone/security/advisories/GHSA-pvwq-6vpp-2632" }, { "name": "https://github.com/freedomofpress/dangerzone/pull/491", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/freedomofpress/dangerzone/pull/491" }, { "name": "https://github.com/freedomofpress/dangerzone/releases/tag/v0.4.2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/freedomofpress/dangerzone/releases/tag/v0.4.2" } ], "source": { "advisory": "GHSA-pvwq-6vpp-2632", "discovery": "UNKNOWN" }, "title": "Dangerzone CLI does not sanitize ANSI escape characters " } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-39342", "datePublished": "2023-08-08T17:31:10.609Z", "dateReserved": "2023-07-28T13:26:46.476Z", "dateUpdated": "2024-10-04T15:06:10.772Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-40185 (GCVE-0-2023-40185)
Vulnerability from cvelistv5
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
ericcornelissen | shescape |
Version: < 1.7.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549" }, { "name": "https://github.com/ericcornelissen/shescape/pull/1142", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ericcornelissen/shescape/pull/1142" }, { "name": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63" }, { "name": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40185", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-30T19:09:19.179504Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-30T19:14:01.973Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "shescape", "vendor": "ericcornelissen", "versions": [ { "status": "affected", "version": "\u003c 1.7.4" } ] } ], "descriptions": [ { "lang": "en", "value": "shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-150", "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-23T20:20:45.807Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549" }, { "name": "https://github.com/ericcornelissen/shescape/pull/1142", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ericcornelissen/shescape/pull/1142" }, { "name": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63" }, { "name": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4" } ], "source": { "advisory": "GHSA-j55r-787p-m549", "discovery": "UNKNOWN" }, "title": "Shescape on Windows escaping may be bypassed in threaded context" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-40185", "datePublished": "2023-08-23T20:20:45.807Z", "dateReserved": "2023-08-09T15:26:41.053Z", "dateUpdated": "2024-09-30T19:14:01.973Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-27936 (GCVE-0-2024-27936)
Vulnerability from cvelistv5
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
► | URL | Tags |
---|---|---|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:deno:deno:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "deno", "vendor": "deno", "versions": [ { "lessThan": "1.41.0", "status": "affected", "version": "1.32.1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-27936", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T20:24:15.593823Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T20:26:36.870Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.809Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/denoland/deno/security/advisories/GHSA-m4pq-fv2w-6hrw", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/denoland/deno/security/advisories/GHSA-m4pq-fv2w-6hrw" }, { "name": "https://github.com/denoland/deno/commit/78d430103a8f6931154ddbbe19d36f3b8630286d", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/denoland/deno/commit/78d430103a8f6931154ddbbe19d36f3b8630286d" }, { "name": "https://github.com/denoland/deno/commit/7e6b94231290020b55f1d08fb03ea8132781abc5", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/denoland/deno/commit/7e6b94231290020b55f1d08fb03ea8132781abc5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "deno", "vendor": "denoland", "versions": [ { "status": "affected", "version": "\u003e= 1.32.1, \u003c 1.41.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request contents. Deno is stripping any ANSI escape sequences from the permission prompt, but permissions given to the program are based on the contents that contain the ANSI escape sequences. Any Deno program can spoof the content of the interactive permission prompt by inserting a broken ANSI code, which allows a malicious Deno program to display the wrong file path or program name to the user. Version 1.41.0 of the deno library contains a patch for the issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-150", "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T12:42:08.776Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/denoland/deno/security/advisories/GHSA-m4pq-fv2w-6hrw", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/denoland/deno/security/advisories/GHSA-m4pq-fv2w-6hrw" }, { "name": "https://github.com/denoland/deno/commit/78d430103a8f6931154ddbbe19d36f3b8630286d", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/denoland/deno/commit/78d430103a8f6931154ddbbe19d36f3b8630286d" }, { "name": "https://github.com/denoland/deno/commit/7e6b94231290020b55f1d08fb03ea8132781abc5", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/denoland/deno/commit/7e6b94231290020b55f1d08fb03ea8132781abc5" } ], "source": { "advisory": "GHSA-m4pq-fv2w-6hrw", "discovery": "UNKNOWN" }, "title": "Deno interactive permission prompt spoofing via improper ANSI stripping" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-27936", "datePublished": "2024-03-06T21:05:59.251Z", "dateReserved": "2024-02-28T15:14:14.217Z", "dateUpdated": "2024-08-02T00:41:55.809Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phases:
Description:
- Developers should anticipate that escape, meta and control characters/sequences will be injected/removed/manipulated in the input vectors of their product. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system.
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation ID: MIT-28
Phase: Implementation
Strategy: Output Encoding
Description:
- While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88).
Mitigation ID: MIT-20
Phase: Implementation
Strategy: Input Validation
Description:
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
CAPEC-134: Email Injection
An adversary manipulates the headers and content of an email message by injecting data via the use of delimiter characters native to the protocol.
CAPEC-41: Using Meta-characters in E-mail Headers to Inject Malicious Payloads
This type of attack involves an attacker leveraging meta-characters in email headers to inject improper behavior into email programs. Email software has become increasingly sophisticated and feature-rich. In addition, email applications are ubiquitous and connected directly to the Web making them ideal targets to launch and propagate attacks. As the user demand for new functionality in email applications grows, they become more like browsers with complex rendering and plug in routines. As more email functionality is included and abstracted from the user, this creates opportunities for attackers. Virtually all email applications do not list email header information by default, however the email header contains valuable attacker vectors for the attacker to exploit particularly if the behavior of the email client application is known. Meta-characters are hidden from the user, but can contain scripts, enumerations, probes, and other attacks against the user's system.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.
CAPEC-93: Log Injection-Tampering-Forging
This attack targets the log files of the target host. The attacker injects, manipulates or forges malicious log entries in the log file, allowing them to mislead a log audit, cover traces of attack, or perform other malicious actions. The target host is not properly controlling log access. As a result tainted data is resulting in the log files leading to a failure in accountability, non-repudiation and incident forensics capability.