
Commit aa165f4

1 parent 90a6ca0 commit aa165f4

3 files changed

Lines changed: 183 additions & 6 deletions


Lines changed: 91 additions & 0 deletions
@@ -0,0 +1,91 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-562r-8445-54r2",
4+
"modified": "2026-01-13T19:02:52Z",
5+
"published": "2026-01-13T19:02:52Z",
6+
"aliases": [
7+
"CVE-2026-22777"
8+
],
9+
"summary": "ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler",
10+
"details": "## Impact\n\n**Vulnerability Type**: CRLF Injection via ConfigParser\n\nAn attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the `config.ini` file. This can lead to security setting tampering or modification of application behavior.\n\n**Affected Users**: Users running ComfyUI-Manager in environments where ComfyUI is configured with the `--listen` option to allow remote access.\n\n**CVSS Score**: 7.5 (High)\n\n## Patches\n\nFixed in the following versions:\n- **3.39.2** (v3.x branch)\n- **4.0.5** (v4.x branch)\n\nSanitization logic was added to the `write_config()` function to remove CRLF and NULL characters from all string values.\n\n## Workarounds\n\nIf upgrading is not possible:\n- Run ComfyUI-Manager only on trusted networks\n- Block external access via firewall\n- Run on localhost only without the `--listen` option\n\n## References\n\n- [CWE-93: Improper Neutralization of CRLF Sequences](https://cwe.mitre.org/data/definitions/93.html)\n- [OWASP CRLF Injection](https://owasp.org/www-community/vulnerabilities/CRLF_Injection)\n\n## Credit\n\nThis vulnerability was reported by:\n- 李存义 <xiaoheihei1107@gmail.com>\n- D0n9 Li <wyd0n9@gmail.com>\n- Swings <swing@mail.exp.sh>\n- Osword from SGLAB of Legendsec at Qi'anxin Group <zhzhdoai@gmail.com>",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "PyPI",
21+
"name": "comfy-cli"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "4.0.0"
29+
},
30+
{
31+
"fixed": "4.0.5"
32+
}
33+
]
34+
}
35+
],
36+
"database_specific": {
37+
"last_known_affected_version_range": "<= 4.0.4"
38+
}
39+
},
40+
{
41+
"package": {
42+
"ecosystem": "PyPI",
43+
"name": "comfy-cli"
44+
},
45+
"ranges": [
46+
{
47+
"type": "ECOSYSTEM",
48+
"events": [
49+
{
50+
"introduced": "0"
51+
},
52+
{
53+
"fixed": "3.39.2"
54+
}
55+
]
56+
}
57+
]
58+
}
59+
],
60+
"references": [
61+
{
62+
"type": "WEB",
63+
"url": "https://github.com/Comfy-Org/ComfyUI-Manager/security/advisories/GHSA-562r-8445-54r2"
64+
},
65+
{
66+
"type": "ADVISORY",
67+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22777"
68+
},
69+
{
70+
"type": "WEB",
71+
"url": "https://github.com/Comfy-Org/ComfyUI-Manager/commit/ef8703a3d7ab4e6ecda8f96e0c5816c23d1cb262"
72+
},
73+
{
74+
"type": "WEB",
75+
"url": "https://github.com/Comfy-Org/ComfyUI-Manager/commit/f4fa394e0f03b013f1068c96cff168ad10bd0410"
76+
},
77+
{
78+
"type": "PACKAGE",
79+
"url": "https://github.com/Comfy-Org/ComfyUI-Manager"
80+
}
81+
],
82+
"database_specific": {
83+
"cwe_ids": [
84+
"CWE-93"
85+
],
86+
"severity": "HIGH",
87+
"github_reviewed": true,
88+
"github_reviewed_at": "2026-01-13T19:02:52Z",
89+
"nvd_published_at": "2026-01-10T07:16:03Z"
90+
}
91+
}
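Review bot: the two `affected` entries in this hunk both name the PyPI package `"comfy-cli"`, while the summary, the details text and the PACKAGE reference all describe ComfyUI-Manager (https://github.com/Comfy-Org/ComfyUI-Manager), and the fixed versions 3.39.2 and 4.0.5 are given in the details as ComfyUI-Manager releases. Please confirm the PyPI distribution name before this is marked reviewed, because version matching in downstream tooling keys on it. Two further points on the same block: the two entries repeat the same package and could be one entry with two ranges unless there is a reason to keep them separate, and `"last_known_affected_version_range": "<= 4.0.4"` appears only on the 4.x entry, so the 3.x range carries no equivalent hint.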
Lines changed: 61 additions & 0 deletions
@@ -0,0 +1,61 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-w757-4qv9-mghp",
4+
"modified": "2026-01-13T19:01:49Z",
5+
"published": "2026-01-13T19:01:49Z",
6+
"aliases": [
7+
"CVE-2025-68271"
8+
],
9+
"summary": "openc3-api Vulnerable to Unauthenticated Remote Code Execution",
10+
"details": "### Summary\nOpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of certain APIs, attacker-controlled parameter text is parsed into values using String#convert_to_value. For array-like inputs, convert_to_value executes eval().\n\nBecause the cmd code path parses the command string before calling authorize(), an unauthenticated attacker can trigger Ruby code execution even though the request ultimately fails authorization (401).",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "RubyGems",
21+
"name": "openc3"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "5.0.6"
29+
},
30+
{
31+
"fixed": "6.10.2"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/OpenC3/cosmos/security/advisories/GHSA-w757-4qv9-mghp"
42+
},
43+
{
44+
"type": "WEB",
45+
"url": "https://github.com/OpenC3/cosmos/commit/01e9fbc5e66e9a2500b71a75a44775dd1fc2d1de"
46+
},
47+
{
48+
"type": "PACKAGE",
49+
"url": "https://github.com/OpenC3/cosmos"
50+
}
51+
],
52+
"database_specific": {
53+
"cwe_ids": [
54+
"CWE-95"
55+
],
56+
"severity": "CRITICAL",
57+
"github_reviewed": true,
58+
"github_reviewed_at": "2026-01-13T19:01:49Z",
59+
"nvd_published_at": null
60+
}
61+
}
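Review bot: the `details` field stops at the description of the eval() path and gives no patched version or workaround; the only place a reader learns the fix is `"fixed": "6.10.2"` inside the range. Suggest adding a short Patches line to `details` naming 6.10.2 and the referenced commit 01e9fbc5e66e9a2500b71a75a44775dd1fc2d1de, and stating that `openc3-api` from the summary ships as the `openc3` gem so the package mapping is explicit. Also, `"nvd_published_at": null` sits next to the `CVE-2025-68271` alias, so this record should be revisited once the NVD entry exists.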

advisories/unreviewed/2026/01/GHSA-xf94-h87h-g9wr/GHSA-xf94-h87h-g9wr.json renamed to advisories/github-reviewed/2026/01/GHSA-xf94-h87h-g9wr/GHSA-xf94-h87h-g9wr.json

Lines changed: 31 additions & 6 deletions
@@ -1,11 +1,12 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-xf94-h87h-g9wr",
4-
"modified": "2026-01-10T15:31:22Z",
4+
"modified": "2026-01-13T19:03:20Z",
55
"published": "2026-01-10T15:31:22Z",
66
"aliases": [
77
"CVE-2026-0824"
88
],
9+
"summary": "QuestDB UI's Web Console is Vulnerable to Cross-Site Scripting",
910
"details": "A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 1.1.10 is recommended to address this issue. The patch is identified as b42fd9f18476d844ae181a10a249e003dafb823d. You should upgrade the affected component. The vendor confirmed early that the fix \"is going to be released as a part of QuestDB 9.3.0\" as well.",
1011
"severity": [
1112
{
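Review bot: the `details` text added here is internally inconsistent on versions: it says questdb ui is affected "up to 1.11.9" and then says "Upgrading to version 1.1.10 is recommended", and under normal version ordering 1.1.10 is older than 1.11.9. One of the two is presumably a typo inherited from the upstream description; verify against the referenced commit b42fd9f18476d844ae181a10a249e003dafb823d and the 9.3.0 release before the advisory is promoted to github-reviewed, since the affected range is derived from this sentence.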
@@ -14,10 +15,30 @@
1415
},
1516
{
1617
"type": "CVSS_V4",
17-
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"
19+
}
20+
],
21+
"affected": [
22+
{
23+
"package": {
24+
"ecosystem": "npm",
25+
"name": "@questdb/web-console"
26+
},
27+
"ranges": [
28+
{
29+
"type": "ECOSYSTEM",
30+
"events": [
31+
{
32+
"introduced": "0"
33+
},
34+
{
35+
"fixed": "1.1.10"
36+
}
37+
]
38+
}
39+
]
1840
}
1941
],
20-
"affected": [],
2142
"references": [
2243
{
2344
"type": "ADVISORY",
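Review bot: the new `affected` range (`"introduced": "0"`, `"fixed": "1.1.10"`) conflicts with the details text, which claims versions up to 1.11.9 are vulnerable: with semver ordering 1.1.10 < 1.11.9, so 1.11.9 would be reported as unaffected by this range. Confirm which npm version of `@questdb/web-console` actually contains the fix and correct either the range or the prose. The trimmed CVSS v4 vector is fine; it drops only the metrics that were set to X and keeps E:P.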
@@ -43,6 +64,10 @@
4364
"type": "WEB",
4465
"url": "https://github.com/questdb/questdb/releases/tag/9.3.0"
4566
},
67+
{
68+
"type": "PACKAGE",
69+
"url": "https://github.com/questdb/ui"
70+
},
4671
{
4772
"type": "WEB",
4873
"url": "https://vuldb.com/?ctiid.340357"
@@ -60,9 +85,9 @@
6085
"cwe_ids": [
6186
"CWE-79"
6287
],
63-
"severity": "MODERATE",
64-
"github_reviewed": false,
65-
"github_reviewed_at": null,
88+
"severity": "LOW",
89+
"github_reviewed": true,
90+
"github_reviewed_at": "2026-01-13T19:03:20Z",
6691
"nvd_published_at": "2026-01-10T15:15:50Z"
6792
}
6893
}
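Review bot: `severity` is lowered from MODERATE to LOW in this hunk while neither CVSS vector changes anywhere in the diff (the v4 vector still reads PR:L/UI:P/VI:L). A reviewed advisory should record the reason for the downgrade, for example in `details`, so consumers reconciling the label with the vectors are not left guessing. The `github_reviewed` and `github_reviewed_at` updates are consistent with the `modified` timestamp 2026-01-13T19:03:20Z set in the first hunk.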
