Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 4f5b622ad9fb · 2026-04-04T06:27:30.000Z
GHSA-8x9r-hvwg-c55h GHSA-9jpj-g8vv-j5mf
diff --git a/advisories/github-reviewed/2026/04/GHSA-8x9r-hvwg-c55h/GHSA-8x9r-hvwg-c55h.json b/advisories/github-reviewed/2026/04/GHSA-8x9r-hvwg-c55h/GHSA-8x9r-hvwg-c55h.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8x9r-hvwg-c55h",
+  "modified": "2026-04-04T06:26:02Z",
+  "published": "2026-04-04T06:26:02Z",
+  "aliases": [
+    "CVE-2026-35454"
+  ],
+  "summary": "Code Extension Marketplace: Zip Slip Path Traversal",
+  "details": "# Zip Slip Path Traversal in coder/code-marketplace\n\n## Summary\n\nA Zip Slip (CWE-22) vulnerability in `coder/code-marketplace` ≤ v2.4.1 allowed a malicious VSIX file to write arbitrary files outside the extension directory. `ExtractZip` passed raw zip entry names to a callback that wrote files via `filepath.Join` with no boundary check; `filepath.Join` resolved `..` components but did not prevent the result from escaping the base path.\n\n\n## Root Cause\n\n`ExtractZip` passed the raw, attacker-controlled `zf.Name` to a caller-supplied callback:\n\n```go\nreturn false, fn(zf.Name, zr)  // zf.Name not sanitized\n```\n\n`AddExtension` constructed the output path with `filepath.Join` and no boundary check:\n\n```go\npath := filepath.Join(dir, name)              // zip loop\npath := filepath.Join(dir, file.RelativePath) // extra files loop\n```\n\n`filepath.Clean` resolved `..` lexically but did not confine the result to `dir`:\n\n```\nfilepath.Join(\"/srv/ext/pub/1.0\", \"../../../../etc/cron.d/evil\")\n  → \"/etc/cron.d/evil\"\n```\n\n## Attack Scenario\n\nAn authenticated user (any upload-capable role) would submit a VSIX containing path-traversal entries.\n\nOn extraction, files would land at attacker-chosen paths writable by the marketplace process, enabling persistence (cron/init injection), SSH key injection, `ld.so.preload` hijacking, or binary overwrite depending on process privileges.\n\n## Fix\n\nAddressed in https://github.com/coder/code-marketplace/releases/tag/v2.4.2\n\n## Recognition\nCoder would like to thank [Kandlaguduru Vamsi](https://www.linkedin.com/in/vamsi-k-5419632a9/) for responsibly disclosing this issue in accordance with https://coder.com/security/policy",
+  "severity": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/coder/code-marketplace"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.2.3-0.20260402184705-988440dee05f"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/coder/code-marketplace/security/advisories/GHSA-8x9r-hvwg-c55h"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/coder/code-marketplace/commit/988440dee05fceef8400ed725badc604dbf90792"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/coder/code-marketplace"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/coder/code-marketplace/releases/tag/v2.4.2"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-04T06:26:02Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-9jpj-g8vv-j5mf/GHSA-9jpj-g8vv-j5mf.json b/advisories/github-reviewed/2026/04/GHSA-9jpj-g8vv-j5mf/GHSA-9jpj-g8vv-j5mf.json
@@ -0,0 +1,62 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9jpj-g8vv-j5mf",
+  "modified": "2026-04-04T06:26:55Z",
+  "published": "2026-04-04T06:26:55Z",
+  "aliases": [],
+  "summary": "OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter",
+  "details": "## Summary\n\nBefore OpenClaw 2026.4.2, the Gemini OAuth flow reused the PKCE verifier as the OAuth `state` value. Because the provider reflected `state` back in the redirect URL, the verifier could be exposed alongside the authorization code.\n\n## Impact\n\nAnyone who could capture the redirect URL could learn both the authorization code and the PKCE verifier, defeating PKCE's interception protection for that flow and enabling token redemption.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `a26f4d0f3ef0757db6c6c40277cc06a5de76c52f` — separate OAuth state from the PKCE verifier\n\nOpenClaw thanks @BG0ECV for reporting.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.4.2"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2026.4.1"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9jpj-g8vv-j5mf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/a26f4d0f3ef0757db6c6c40277cc06a5de76c52f"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-345"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-04T06:26:55Z",
+    "nvd_published_at": null
+  }
+}
