Publish Advisories

GHSA-3xm7-qw7j-qc8v
GHSA-6g7g-w4f8-9c9x
GHSA-h9q6-hc68-35rp
GHSA-jqcq-xjh3-6g23
GHSA-r8x2-fhmf-6mxp
GHSA-wgvc-ghv9-3pmm
GHSA-wmrf-hv6w-mr66

Author: advisory-database[bot]

advisories/github-reviewed/2026/03/GHSA-3xm7-qw7j-qc8v/GHSA-3xm7-qw7j-qc8v.json

@@ -0,0 +1,61 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3xm7-qw7j-qc8v",
+  "modified": "2026-03-18T12:59:42Z",
+  "published": "2026-03-18T12:59:42Z",
+  "aliases": [
+    "CVE-2026-33060"
+  ],
+  "summary": "SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks",
+  "details": "## Summary\n\nThe `@aborruso/ckan-mcp-server` MCP server provides tools including `ckan_package_search` and `sparql_query` that accept a `base_url` parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network services.\n\n## Severity\n\nAttack complexity is HIGH because exploitation requires prompt injection via malicious content (webpage, document) while the victim's AI assistant has this MCP server connected.\n\n## Proof of Concept\n\nTested inside Docker-in-Docker isolated environment with canary HTTP sidecar.\n\n```json\n{\"tool\": \"ckan_package_search\", \"arguments\": {\"base_url\": \"http://canary:8080/ssrf\", \"query\": \"test\"}}\n```\n**Result**: Canary received **9 HTTP requests**. The high request volume confirms no rate limiting or URL validation.\n\n## Root Cause\n\nNo URL validation on `base_url` parameter. No private IP blocking (RFC 1918, link-local 169.254.x.x), no cloud metadata blocking. The `sparql_query` and `ckan_datastore_search_sql` tools also accept arbitrary base URLs and expose injection surfaces.\n\n## Impact\n\nInternal network scanning, cloud metadata theft (IAM credentials via IMDS at 169.254.169.254), potential SQL/SPARQL injection via unsanitized query parameters. Attack requires prompt injection to control the `base_url` parameter.\n\n## Recommended Fix\n\n1. Validate `base_url` against a configurable allowlist of permitted CKAN portals\n2. Block private IP ranges (RFC 1918, link-local)\n3. Block cloud metadata endpoints (169.254.169.254)\n4. Sanitize SQL input for datastore queries\n5. SPARQL endpoint allowlist\n\n## Credit\n\nDiscovered by [Andrei Boldyrev](https://github.com/abcgco) of Munio Security Research using [munio](https://munio.dev)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@aborruso/ckan-mcp-server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.4.85"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/ondata/ckan-mcp-server/security/advisories/GHSA-3xm7-qw7j-qc8v"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/kysely-org/kysely/commit/0a602bff2f442f6c26d5e047ca8f8715179f6d24"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/ondata/ckan-mcp-server"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-18T12:59:42Z",
+    "nvd_published_at": null
+  }
+}

advisories/github-reviewed/2026/03/GHSA-6g7g-w4f8-9c9x/GHSA-6g7g-w4f8-9c9x.json

@@ -0,0 +1,63 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6g7g-w4f8-9c9x",
+  "modified": "2026-03-18T13:00:19Z",
+  "published": "2026-03-18T13:00:19Z",
+  "aliases": [],
+  "summary": "Denial of service in github.com/buger/jsonparser",
+  "details": "The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/buger/jsonparser"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "1.1.1"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/buger/jsonparser/issues/275"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/golang/vulndb/issues/4514"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cyber.securityinfinity.com/buger-jsonparser-negative-slice-panic-dos-2026"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/buger/jsonparser"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-18T13:00:19Z",
+    "nvd_published_at": null
+  }
+}

advisories/github-reviewed/2026/03/GHSA-h9q6-hc68-35rp/GHSA-h9q6-hc68-35rp.json

@@ -0,0 +1,82 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-h9q6-hc68-35rp",
+  "modified": "2026-03-18T12:59:54Z",
+  "published": "2026-03-18T12:59:54Z",
+  "aliases": [],
+  "summary": "Denial of service in github.com/shamaton/msgpack",
+  "details": "The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data (format codes 0xd4-0xd8). This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/shamaton/msgpack/v2"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "2.4.0"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/shamaton/msgpack/v3"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "3.1.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/golang/vulndb/issues/4513"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/shamaton/msgpack/issues/59"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/shamaton/msgpack"
+    },
+    {
+      "type": "WEB",
+      "url": "https://securityinfinity.com/research/shamaton-msgpack-oob-panic-fixext-dos-2026"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-18T12:59:54Z",
+    "nvd_published_at": null
+  }
+}

advisories/github-reviewed/2026/03/GHSA-jqcq-xjh3-6g23/GHSA-jqcq-xjh3-6g23.json

@@ -0,0 +1,63 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jqcq-xjh3-6g23",
+  "modified": "2026-03-18T13:00:31Z",
+  "published": "2026-03-18T13:00:31Z",
+  "aliases": [],
+  "summary": "Denial of service in github.com/jackc/pgproto3/v2",
+  "details": "The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/jackc/pgproto3/v2"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2.0.0"
+            },
+            {
+              "last_affected": "2.3.3"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/golang/vulndb/issues/4518"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jackc/pgx/issues/2507"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/jackc/pgproto3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://securityinfinity.com/research/memory-safety-vulnerabilities-in-go-postgresql-wire-protocol-parsers-pgproto3-pgx"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-129"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-18T13:00:31Z",
+    "nvd_published_at": null
+  }
+}

advisories/github-reviewed/2026/03/GHSA-r8x2-fhmf-6mxp/GHSA-r8x2-fhmf-6mxp.json

@@ -0,0 +1,73 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r8x2-fhmf-6mxp",
+  "modified": "2026-03-18T13:00:56Z",
+  "published": "2026-03-18T13:00:56Z",
+  "aliases": [
+    "CVE-2026-32811"
+  ],
+  "summary": "Heimdall: Path received via Envoy gRPC corrupted when containing query string",
+  "details": "### Summary\nWhen using heimdall in envoy gRPC decision API mode, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed.\n\nThe HTTP based decision API is NOT affected, and proxy mode is NOT affected either.\n\n**Note:** The issue can only lead to unintended access if heimdall is configured with an \"allow all\" default rule. Since v0.16.0, heimdall enforces secure defaults and refuses to start with such a configuration unless this enforcement is explicitly disabled, e.g. via `--insecure-skip-secure-default-rule-enforcement` or the broader `--insecure` flag.\n\n### Details\nEnvoy splits the requested URL into parts, and sends the parts individually to heimdall. Although `query` and `path` are present in the API, the `query` field is documented to be always empty and the URL query is included in the `path` field [1].\n\nThe implementation uses go's url library to reconstruct the url which automatically encodes special characters in the path. \n\n https://github.com/dadrus/heimdall/blob/1faba9e4160bd7ab3240cf6aa418e21bfef3401a/internal/handler/envoyextauth/grpcv3/request_context.go#L109-L115\n\nAs a consequence, a parameter like `/mypath?foo=bar` to `Path`  is escaped into  `/mypath%3Ffoo=bar`. Subsequently, a rule matching `/mypath` no longer matches and is bypassed.\n\n\n### PoC\n\nUsing the example docker compose setup, the `demo:public` rule is bypassed when adding a query parameter.\n\n> docker compose -f docker-compose-envoy-grpc.yaml -f docker-compose.yaml up\n\n```\ncurl http://127.0.0.1:9090/public\nHostname: 80201fead1c7\nIP: 127.0.0.1\nIP: ::1\nIP: 172.23.0.3\nRemoteAddr: 172.23.0.5:37056\nGET /public HTTP/1.1\nHost: 127.0.0.1:9090\nUser-Agent: curl/8.19.0\nAccept: */*\nX-Envoy-Expected-Rq-Timeout-Ms: 15000\nX-Forwarded-Proto: http\nX-Request-Id: 0a1f0f06-75ef-4f14-92af-16162ea1d9e5\n\ncurl -v http://127.0.0.1:9090/public?bypass\n*   Trying 127.0.0.1:9090...\n* Established connection to 127.0.0.1 (127.0.0.1 port 9090) from 127.0.0.1 port 47876 \n* using HTTP/1.x\n> GET /public?hallo HTTP/1.1\n> Host: 127.0.0.1:9090\n> User-Agent: curl/8.19.0\n> Accept: */*\n> \n* Request completely sent off\n< HTTP/1.1 401 Unauthorized\n< date: Sat, 14 Mar 2026 16:34:17 GMT\n< server: envoy\n< content-length: 0\n< \n* Connection #0 to host 127.0.0.1:9090 left intact\n```\n\nWhen using the HTTP decision API variant, the second request is matched by the rule as well:\n\n> docker compose -f docker-compose-envoy-http.yaml -f docker-compose.yaml up\n\n```\ncurl http://127.0.0.1:9090/public?bypass\nHostname: 80201fead1c7\nIP: 127.0.0.1\nIP: ::1\nIP: 172.23.0.4\nRemoteAddr: 172.23.0.2:38044\nGET /public?hallo HTTP/1.1\nHost: 127.0.0.1:9090\nUser-Agent: curl/8.19.0\nAccept: */*\nX-Envoy-Expected-Rq-Timeout-Ms: 15000\nX-Forwarded-Proto: http\nX-Request-Id: 5c961bc6-ad03-4a44-982b-abe04566fdd2\n```\n\n### Impact\n\nEveryone using heimdall with the envoy gRPC API may be affected. Users who configured a deny list in heimdall (with an allow-all default rule) are affected, as attackers can potentially circumvent a specific block rule by adding query parameters.\n\n[1] https://github.com/envoyproxy/envoy/blob/105b4acd422d67fcff908ec38d91c7676d079939/api/envoy/service/auth/v3/attribute_context.proto#L146-L147",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/dadrus/heimdall"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0.7.0-alpha"
+            },
+            {
+              "fixed": "0.17.11"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 0.17.10"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/dadrus/heimdall/security/advisories/GHSA-r8x2-fhmf-6mxp"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/dadrus/heimdall/pull/3106"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/dadrus/heimdall/commit/50321b3007db1ccafdc6b1cfd6bdc3689c19a502"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/dadrus/heimdall"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/envoyproxy/envoy/blob/105b4acd422d67fcff908ec38d91c7676d079939/api/envoy/service/auth/v3/attribute_context.proto#L146-L147"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-116",
+      "CWE-863"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-18T13:00:56Z",
+    "nvd_published_at": null
+  }
+}