Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 92659e8c2ac3 · 2026-03-29T15:39:51.000Z
GHSA-44f4-gvwj-6qg3 GHSA-46wh-3698-f2cx GHSA-44f4-gvwj-6qg3
diff --git a/advisories/github-reviewed/2026/03/GHSA-44f4-gvwj-6qg3/GHSA-44f4-gvwj-6qg3.json b/advisories/github-reviewed/2026/03/GHSA-44f4-gvwj-6qg3/GHSA-44f4-gvwj-6qg3.json
@@ -0,0 +1,93 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-44f4-gvwj-6qg3",
+  "modified": "2026-03-29T15:36:29Z",
+  "published": "2026-03-27T06:31:43Z",
+  "aliases": [
+    "CVE-2026-22744"
+  ],
+  "summary": "Spring AI Redis Store has TAG Field Query Injection Through Improper Neutralization of Special Characters",
+  "details": "In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping characters. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.springframework.ai:spring-ai-redis-store"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.0.0-M5"
+            },
+            {
+              "fixed": "1.0.5"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.springframework.ai:spring-ai-redis-store"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.1.0-M1"
+            },
+            {
+              "fixed": "1.1.4"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22744"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/spring-projects/spring-ai/commit/707e990c9152aabb9c9226053725efa2ada72223"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/spring-projects/spring-ai"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/spring-projects/spring-ai/releases/tag/v1.0.5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/spring-projects/spring-ai/releases/tag/v1.1.4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://spring.io/security/cve-2026-22744"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74",
+      "CWE-943"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-29T15:36:29Z",
+    "nvd_published_at": "2026-03-27T06:16:38Z"
+  }
+}
diff --git a/advisories/github-reviewed/2026/03/GHSA-46wh-3698-f2cx/GHSA-46wh-3698-f2cx.json b/advisories/github-reviewed/2026/03/GHSA-46wh-3698-f2cx/GHSA-46wh-3698-f2cx.json
@@ -0,0 +1,114 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-46wh-3698-f2cx",
+  "modified": "2026-03-29T15:37:29Z",
+  "published": "2026-03-29T15:37:28Z",
+  "aliases": [],
+  "summary": "Traefik: Deny Rule Bypass via Unauthenticated Malicious gRPC Requests in gRPC-Go Dependency (CVE-2026-33186)",
+  "details": "## Summary\n\nThere is a potential vulnerability in Traefik due to its dependency on an affected version of gRPC-Go (CVE-2026-33186).\n\nA remote, unauthenticated attacker can send gRPC requests with a malformed HTTP/2 `:path` pseudo-header omitting the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server routes such requests correctly, path-based authorization interceptors evaluate the raw non-canonical path and fail to match \"deny\" rules, allowing the request to bypass the policy entirely if a fallback \"allow\" rule is present.\n\n## Patches\n\n- https://github.com/traefik/traefik/releases/tag/v2.11.42\n- https://github.com/traefik/traefik/releases/tag/v3.6.12\n- https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.3\n\n## For more information\n\nIf there are any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).\n\n<details>\n<summary>Original Description</summary>\n\n### Summary\nThis CVE hits traefik until Version 3.6.11 and 2.11.41.\ngRPC-Go has an authorization bypass via missing leading slash in :path\n### Details\nAs described in https://github.com/advisories/GHSA-p77j-4mvh-x3m3\n### PoC\nUpdate library version in \nhttps://github.com/traefik/traefik/blob/67c64ed9b25fbb90f1086977a62827133a7aa01b/go.mod#L108\n### Impact\nIs described in https://github.com/advisories/GHSA-p77j-4mvh-x3m3\n\n</details>\n\n\n----------",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/traefik/traefik/v2"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.11.42"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/traefik/traefik/v3"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "3.0.0-beta3"
+            },
+            {
+              "fixed": "3.6.12"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/traefik/traefik/v3"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "3.7.0-ea.1"
+            },
+            {
+              "fixed": "3.7.0-ea.3"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/traefik/traefik/security/advisories/GHSA-46wh-3698-f2cx"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-p77j-4mvh-x3m3"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/traefik/traefik"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/traefik/traefik/blob/67c64ed9b25fbb90f1086977a62827133a7aa01b/go.mod#L108"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/traefik/traefik/releases/tag/v2.11.42"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/traefik/traefik/releases/tag/v3.6.12"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1395",
+      "CWE-285"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-29T15:37:28Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-44f4-gvwj-6qg3/GHSA-44f4-gvwj-6qg3.json b/advisories/unreviewed/2026/03/GHSA-44f4-gvwj-6qg3/GHSA-44f4-gvwj-6qg3.json
