ghsa

### Summary The user-provided string `depName` in the `hermit` manager is appended to the `./hermit install` and `./hermit uninstall` commands without proper sanitization. ### Details Adversaries can provide a maliciously named hermit dependency in conjunctions with a tweaked Renovate configuration file to trick Renovate to execute arbitrary code. All values added to the `packagesToInstall` and `packagesToUninstall` variables in [lib/modules/manager/hermit/artifacts.ts](https://github.com/renovatebot/renovate/blob/41e8b99f86a6e2a56f80f7aa1a08a59d76f2358c/lib/modules/manager/hermit/artifacts.ts) are not being escaped using the `quote` function from the `shlex` package. This lack of proper sanitization for installing packages has been present in the product since the introduction of the hermit manager in version 32.135.0 (https://github.com/renovatebot/renovate/commit/b696abb3c2741508fbb4029f39153140a3722e1e), released on July 30 of 2022. In version 37.199.1 (https://github.com/renovate...

### Summary The user-provided string `packageName` in the `npm` manager is appended to the `npm install` command during lock maintenance without proper sanitization. ### Details Adversaries can provide a maliciously crafted Renovate configuration file to trick Renovate to execute arbitrary code. The user-provided workspace names and package keys that are added to the `updateCmd` variables in [lib/modules/manager/npm/post-update/npm.ts](https://github.com/renovatebot/renovate/blob/5bdaf47eebde770107017c47557bca41189db588/lib/modules/manager/npm/post-update/npm.ts) are not being escaped using the `quote` function from the `shlex` package. This lack of proper sanitization has been present in the product since version 35.63.0 (https://github.com/renovatebot/renovate/commit/012c0ac2fe32832e60a62bde405c0a241efd314c), released on April 27 of 2023. ### PoC 1. Create a git repo with the following content: `renovate.json5`: ```json5 { $schema: "https://docs.renovatebot.com/renovate-schema...

### Summary The user-provided chart name in the `kustomize` manager is appended to the `helm pull --untar` command without proper sanitization. ### Details Adversaries can provide a maliciously crafted `kustomization.yaml` in conjunction with a Helm repo's `index.yaml` file to trick Renovate to execute arbitrary code. The value for the `depName` argument for the `helmRepositoryArgs` function in [lib/modules/manager/kustomize/artifacts.ts](https://github.com/renovatebot/renovate/blob/cc08c6e98f19e6258c5d3180c70c98e1be0b0d37/lib/modules/manager/kustomize/artifacts.ts#L33) is not being escaped using the `quote` function from the `shlex` package. This lack of proper sanitization has been present in the product since version 39.218.9 (https://github.com/renovatebot/renovate/commit/cc08c6e98f19e6258c5d3180c70c98e1be0b0d37), released on March 26 of 2025. ### PoC 1. Create a mock Helm repository. Have its `index.yaml` endpoint return: ```yaml apiVersion: v1 entries: "example || kill 1; ech...

### Summary Renovate can be tricked into executing shell code while updating the Gradle Wrapper. A malicious `distributionUrl` in `gradle/wrapper/gradle-wrapper.properties` can lead to command execution in the Renovate runtime. ### Details When Renovate handles Gradle Wrapper artifacts, it may run a wrapper update command such as: - `./gradlew :wrapper --gradle-distribution-url <value>` In the observed behavior, Renovate executes this via a shell (e.g., `/bin/sh -c ...`). If `distributionUrl` contains shell command substitution syntax like `$(...)`, the shell evaluates it **before** Gradle validates/parses the URL. After that, Gradle attempts to parse the URL as a URI and fails with `URISyntaxException`, but the shell substitution has already executed. This is reproducible even when `allowScripts` is disabled (default is OFF), because this execution happens as part of Gradle Wrapper artifact handling rather than “repository install scripts”. Prerequisites / attack conditions: - ...

### Impact Within Umbraco Forms, configuring a malicious URL on the Webservice data source can result in Remote Code Execution. This affects all Umbraco Forms versions running on .NET Framework (up to and including version 8). ### Patches The affected Umbraco Forms versions are all End-of-Life (EOL) and not supported anymore, hence no patches will be released. Upgrading to any of the currently supported versions (v13, v16 or v17) is recommended. ### Workarounds If none of the configured Forms data sources uses the Webservice type, it can be safely excluded by adding the following code to the application. This will completely remove the option to select/use this data source within the Backoffice and thereby mitigate the vulnerability. ```c# using Umbraco.Core.Composing; using Umbraco.Forms.Core.Providers; using Umbraco.Forms.Core.Providers.DatasourceTypes; internal sealed class RemoveFormsWebserviceDataSourceTypeComposer : IUserComposer { public void Compose(Composition composit...

### Impact Gin-vue-admin <= v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. Path traversal vulnerabilities occur when a web application accepts user-supplied file paths without proper validation, allowing attackers to access or write files outside the intended directory. In the breakpoint_continue.go file, the MakeFile function accepts a fileName parameter through the /fileUploadAndDownload/breakpointContinueFinish API endpoint and directly concatenates it with the base directory path (./fileDir/) using os.OpenFile() without any validation for directory traversal sequences (e.g., ../). Notably, while the related makeFileContent function in the same file properly validates the fileName parameter by checking for .. sequences, the MakeFile function lacks this security control, indicating an inconsistent security implementation. An **attacker with file upload privileges (role ID 888 - super administ...

### Impact The MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allows an attacker to "break out" of the string literal and inject arbitrary code. Here is an example OpenAPI with the exploit ```yaml openapi: 3.0.4 info: title: Swagger Petstore - OpenAPI 3.0 description: |- This is a sample Pet Store Server based on the OpenAPI 3.0 specification. You can find out more about Swagger at [https://swagger.io](https://swagger.io). In the third iteration of the pet store, we've switched to the design first approach! You can now help us improve the API whether it's by making changes to the definition itself or to the code. That way, with time, we can improve the API in general, and expose some of the new features in OAS3. Some useful links: - [The Pet Store repository](https://github.com/swagger-api/swagger-petstore) - [The source API defin...

## Impact **Vulnerability Type**: CRLF Injection via ConfigParser An attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the `config.ini` file. This can lead to security setting tampering or modification of application behavior. **Affected Users**: Users running ComfyUI-Manager in environments where ComfyUI is configured with the `--listen` option to allow remote access. **CVSS Score**: 7.5 (High) ## Patches Fixed in the following versions: - **3.39.2** (v3.x branch) - **4.0.5** (v4.x branch) Sanitization logic was added to the `write_config()` function to remove CRLF and NULL characters from all string values. ## Workarounds If upgrading is not possible: - Run ComfyUI-Manager only on trusted networks - Block external access via firewall - Run on localhost only without the `--listen` option ## References - [CWE-93: Improper Neutralization of CRLF Sequences](https://cwe.mitre.org/data/definitions/93.html) - [OWASP CRLF In...

### Summary OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of certain APIs, attacker-controlled parameter text is parsed into values using String#convert_to_value. For array-like inputs, convert_to_value executes eval(). Because the cmd code path parses the command string before calling authorize(), an unauthenticated attacker can trigger Ruby code execution even though the request ultimately fails authorization (401).

# Security Disclosure: SSRF via MetaIssuer Regex Bypass ## Summary Fulcio's `metaRegex()` function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through [Blind SSRF](https://portswigger.net/web-security/ssrf/blind). ## Impact - SSRF to cloud metadata (169.254.169.254) - SSRF to internal Kubernetes APIs - SSRF to any service accessible from Fulcio's network - Affects ALL deployments using MetaIssuers ## Patches Upgrade to v1.8.5. ## Workarounds None. If anchors are included in the meta issuer configuration URL, they will be escaped before the regular expression is compiled, not making this a sufficient mitigation. Deployments must upgrade to the latest Fulcio r...