Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 9e5b1e20a5cb · 2026-04-01T21:44:57.000Z
GHSA-frq9-7j6g-v74x GHSA-m5qp-6w8w-w647 GHSA-wm7j-m6jm-8797
diff --git a/advisories/github-reviewed/2026/04/GHSA-frq9-7j6g-v74x/GHSA-frq9-7j6g-v74x.json b/advisories/github-reviewed/2026/04/GHSA-frq9-7j6g-v74x/GHSA-frq9-7j6g-v74x.json
@@ -0,0 +1,118 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-frq9-7j6g-v74x",
+  "modified": "2026-04-01T21:44:09Z",
+  "published": "2026-04-01T21:44:09Z",
+  "aliases": [
+    "CVE-2026-34750"
+  ],
+  "summary": "Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints",
+  "details": "### Impact\n\nThe client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize filenames. An attacker could craft filenames to escape the intended storage location.\n\nConsumers are affected if ALL of these are true:\n\n- Payload version **< v3.78.0**\n- Using client-upload signed-URL endpoints for any supported storage adapter\n\n  ## Patches\n\nThis vulnerability has been patched in **v3.78.0**. Filename validation has been hardened for client uploads.\n\nConsumers should upgrade to **v3.78.0** or later.\n\n## Workarounds\n\nConsumers can upgrade:\n\n- Limit access to client-upload signed-URL endpoints to trusted users only.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@payloadcms/storage-azure"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "3.78.0"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@payloadcms/storage-gcs"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "3.78.0"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@payloadcms/storage-r2"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "3.78.0"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@payloadcms/storage-s3"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "3.78.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/payloadcms/payload/security/advisories/GHSA-frq9-7j6g-v74x"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34750"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/payloadcms/payload"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-01T21:44:09Z",
+    "nvd_published_at": "2026-04-01T20:16:27Z"
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-m5qp-6w8w-w647/GHSA-m5qp-6w8w-w647.json b/advisories/github-reviewed/2026/04/GHSA-m5qp-6w8w-w647/GHSA-m5qp-6w8w-w647.json
@@ -0,0 +1,72 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m5qp-6w8w-w647",
+  "modified": "2026-04-01T21:43:07Z",
+  "published": "2026-04-01T21:43:07Z",
+  "aliases": [
+    "CVE-2026-34516"
+  ],
+  "summary": "AIOHTTP has a Multipart Header Size Bypass",
+  "details": "### Summary\n\nA response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability.\n\n### Impact\n\nMultipart headers were not subject to the same size restrictions in place for normal headers, potentially allowing substantially more data to be loaded into memory than intended. However, other restrictions in place limit the impact of this vulnerability.\n\n-----\n\nPatch: https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "aiohttp"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "3.13.4"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 3.13.3"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34516"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/aio-libs/aiohttp"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-770"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-01T21:43:07Z",
+    "nvd_published_at": "2026-04-01T21:16:59Z"
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-wm7j-m6jm-8797/GHSA-wm7j-m6jm-8797.json b/advisories/github-reviewed/2026/04/GHSA-wm7j-m6jm-8797/GHSA-wm7j-m6jm-8797.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-wm7j-m6jm-8797",
+  "modified": "2026-04-01T21:42:24Z",
+  "published": "2026-04-01T21:42:24Z",
+  "aliases": [
+    "CVE-2026-34526"
+  ],
+  "summary": "SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6",
+  "details": "### Details\nDistinct from CVE-2025-59159 and CVE-2026-26286 (all fixed in v1.16.0). This endpoint is still unpatched.\n\nIn `src/endpoints/search.js` line 419, the hostname is checked against `/^\\d+\\.\\d+\\.\\d+\\.\\d+$/`. This only matches literal dotted-quad IPv4 (e.g. `127.0.0.1`, `10.0.0.1`). It does not catch:\n- `localhost` (hostname, not dotted-quad)\n- `[::1]` (IPv6 loopback)\n- DNS names resolving to internal addresses (e.g. `localtest.me` -> 127.0.0.1)\n\nA separate port check (`urlObj.port !== ''`) limits exploitation to services on default ports (80/443), making this lower severity than a fully unrestricted SSRF.\n\n### PoC\n1. Start SillyTavern v1.16.0 normally\n2. Send requests to compare blocked vs bypassed (requires a valid session cookie or CSRF disabled):\n```bash\n# Blocked — dotted-quad matched by regex\ncurl -s -o /dev/null -w \"%{http_code}\" -X POST http://127.0.0.1:8000/api/search/visit \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"url\": \"http://127.0.0.1/\", \"html\": true}'\n# Returns: 400 (blocked)\n\n# Bypassed — \"localhost\" is not dotted-quad\ncurl -s -o /dev/null -w \"%{http_code}\" -X POST http://127.0.0.1:8000/api/search/visit \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"url\": \"http://localhost/\", \"html\": true}'\n# Returns: 500 (passed validation, fetch attempted, ECONNREFUSED because nothing on port 80)\n\n# Bypassed — IPv6 loopback is not dotted-quad\ncurl -s -o /dev/null -w \"%{http_code}\" -X POST http://127.0.0.1:8000/api/search/visit \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"url\": \"http://[::1]/\", \"html\": true}'\n# Returns: 500 (passed validation, fetch attempted)\n```\n\nThe 400 vs 500 difference confirms `localhost` and `[::1]` pass the IP check. The 500 is ECONNREFUSED (nothing listening on port 80), not a validation rejection.\n\n### Impact\nServer-side request forgery with partial restrictions. An authenticated user can force the server to fetch from internal hosts on default ports (80/443) using hostnames or IPv6 addresses that bypass the IP check. The full response body is returned. Lower severity than a fully unrestricted SSRF due to the port limitation.\n\n## Resolution\n\nThe issue was addressed in version 1.17.0 by improving IPv6 address validation",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "sillytavern"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.17.0"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 1.16.0"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-wm7j-m6jm-8797"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/SillyTavern/SillyTavern"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-01T21:42:24Z",
+    "nvd_published_at": null
+  }
+}
