Commit a70ca15

5 files changed: +320 -0 lines changed
Lines changed: 82 additions & 0 deletions
@@ -0,0 +1,82 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3p68-rc4w-qgx5",
4+
"modified": "2026-04-09T17:32:19Z",
5+
"published": "2026-04-09T17:32:19Z",
6+
"aliases": [
7+
"CVE-2025-62718"
8+
],
9+
"summary": "Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF",
10+
"details": "Axios does not correctly handle hostname normalization when checking `NO_PROXY` rules.\nRequests to loopback addresses like `localhost.` (with a trailing dot) or `[::1]` (IPv6 literal) skip `NO_PROXY` matching and go through the configured proxy.\n\nThis goes against what developers expect and lets attackers force requests through a proxy, even if `NO_PROXY` is set up to protect loopback or internal services.\n\nAccording to [RFC 1034 §3.1](https://datatracker.ietf.org/doc/html/rfc1034#section-3.1) and [RFC 3986 §3.2.2](https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2), a hostname can have a trailing dot to show it is a fully qualified domain name (FQDN). At the DNS level, `localhost.` is the same as `localhost`. \nHowever, Axios does a literal string comparison instead of normalizing hostnames before checking `NO_PROXY`. This causes requests like `http://localhost.:8080/` and `http://[::1]:8080/` to be incorrectly proxied.\n\nThis issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal services despite the configured protections.\n\n---\n\n**PoC**\n\n```js\nimport http from \"http\";\nimport axios from \"axios\";\n\nconst proxyPort = 5300;\n\nhttp.createServer((req, res) => {\n console.log(\"[PROXY] Got:\", req.method, req.url, \"Host:\", req.headers.host);\n res.writeHead(200, { \"Content-Type\": \"text/plain\" });\n res.end(\"proxied\");\n}).listen(proxyPort, () => console.log(\"Proxy\", proxyPort));\n\nprocess.env.HTTP_PROXY = `http://127.0.0.1:${proxyPort}`;\nprocess.env.NO_PROXY = \"localhost,127.0.0.1,::1\";\n\nasync function test(url) {\n try {\n await axios.get(url, { timeout: 2000 });\n } catch {}\n}\n\nsetTimeout(async () => {\n console.log(\"\\n[*] Testing http://localhost.:8080/\");\n await test(\"http://localhost.:8080/\"); // goes through proxy\n\n console.log(\"\\n[*] Testing http://[::1]:8080/\");\n await test(\"http://[::1]:8080/\"); // goes through 
proxy\n}, 500);\n```\n\n**Expected:** Requests bypass the proxy (direct to loopback).\n**Actual:** Proxy logs requests for `localhost.` and `[::1]`.\n\n---\n\n**Impact**\n\n* Applications that rely on `NO_PROXY=localhost,127.0.0.1,::1` for protecting loopback/internal access are vulnerable.\n* Attackers controlling request URLs can:\n\n * Force Axios to send local traffic through an attacker-controlled proxy.\n * Bypass SSRF mitigations relying on NO\\_PROXY rules.\n * Potentially exfiltrate sensitive responses from internal services via the proxy.\n \n \n---\n\n**Affected Versions**\n\n* Confirmed on Axios **1.12.2** (latest at time of testing).\n* affects all versions that rely on Axios’ current `NO_PROXY` evaluation.\n\n---\n\n**Remediation**\nAxios should normalize hostnames before evaluating `NO_PROXY`, including:\n\n* Strip trailing dots from hostnames (per RFC 3986).\n* Normalize IPv6 literals by removing brackets for matching.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V4",
14+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "npm",
21+
"name": "axios"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "1.15.0"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"
42+
},
43+
{
44+
"type": "ADVISORY",
45+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/axios/axios/pull/10661"
50+
},
51+
{
52+
"type": "WEB",
53+
"url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"
54+
},
55+
{
56+
"type": "WEB",
57+
"url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"
58+
},
59+
{
60+
"type": "WEB",
61+
"url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"
62+
},
63+
{
64+
"type": "PACKAGE",
65+
"url": "https://github.com/axios/axios"
66+
},
67+
{
68+
"type": "WEB",
69+
"url": "https://github.com/axios/axios/releases/tag/v1.15.0"
70+
}
71+
],
72+
"database_specific": {
73+
"cwe_ids": [
74+
"CWE-441",
75+
"CWE-918"
76+
],
77+
"severity": "CRITICAL",
78+
"github_reviewed": true,
79+
"github_reviewed_at": "2026-04-09T17:32:19Z",
80+
"nvd_published_at": "2026-04-09T15:16:08Z"
81+
}
82+
}
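Review bot: the Impact bullet "Force Axios to send local traffic through an attacker-controlled proxy" overstates what the details describe. The proxy that receives the misrouted request is the one the operator configured in HTTP_PROXY; an attacker who controls only the URL cannot choose the proxy, so the realistic effect is that traffic meant for loopback (`localhost.`, `[::1]`) reaches the operator's proxy and whatever that proxy can reach from its own network position. Suggest "the configured proxy", keeping "attacker-controlled" only for the case where the attacker also controls the proxy environment; that assumption also drives the VC:H/SC:H vector and the CRITICAL rating, so it should be stated explicitly. Two smaller points in the same hunk: the summary "Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF" needs a connecting word ("... Bypass That Leads to SSRF"), and the Affected Versions line "affects all versions that rely on Axios' current `NO_PROXY` evaluation" gives a reader nothing usable; the range already says introduced 0 / fixed 1.15.0, so the prose should say "all versions before 1.15.0".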
Lines changed: 73 additions & 0 deletions
@@ -0,0 +1,73 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-h749-fxx7-pwpg",
4+
"modified": "2026-04-09T17:32:31Z",
5+
"published": "2026-04-09T17:32:31Z",
6+
"aliases": [
7+
"CVE-2026-39414"
8+
],
9+
"summary": "MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing",
10+
"details": "### Impact\n\n_What kind of vulnerability is it? Who is impacted?_\n\nMinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV \nfiles containing lines longer than available memory. The CSV reader's `nextSplit()` \nfunction calls `bufio.Reader.ReadBytes('\\n')` with no size limit, buffering the entire \ninput in memory until a newline is found. A CSV file with no newline characters \ncauses the entire contents to be read into a single allocation, leading to an OOM\ncrash of the MinIO server process.\n\nThis is exploitable by any authenticated user with `s3:PutObject` and `s3:GetObject` \npermissions. The attack is especially practical when combined with compression: \na ~2 MB gzip-compressed CSV can decompress to gigabytes of data without \nnewlines, allowing a small upload to cause large memory consumption on \nthe server. However, compression is not required — a sufficiently large uncompressed \nCSV with no newlines triggers the same issue.\n\n**Affected component:** `internal/s3select/csv/reader.go`, function\n`nextSplit()`.\n\n**CWE:** CWE-770 (Allocation of Resources Without Limits or Throttling)\n\n### Affected Versions\n\nAll MinIO releases are through the final release of the minio/minio open-source project.\n\nThe vulnerability was introduced in commit https://github.com/minio/minio/commit/7c14cdb60e53dbfdad2be644dfb180cab19fffa7, which added S3 Select support for CSV. \nThe CSV reader has used unbounded line reads since this commit (originally via \nGo's stdlib `encoding/csv.Reader`, later via `bufio.Reader.ReadBytes` after a refactor \nin [PR #8200](https://github.com/minio/minio/pull/8200). \n\nThe first affected release is `RELEASE.2018-08-18T03-49-57Z`.\n\n### Patches\n\n**Fixed in**: MinIO AIStor RELEASE.2025-12-20T04-58-37Z\n\nThe fix replaces the unbounded `bufio.Reader.ReadBytes('\\n')` call with a\nbyte-at-a-time loop that caps line scanning at 128 KB (`csvSplitSize`). 
If no\nnewline is found within this limit, the reader returns an error instead of\ncontinuing to buffer.\n\n#### Binary Downloads\n\n| Platform | Architecture | Download |\n| -------- | ------------ | --------------------------------------------------------------------------- |\n| Linux | amd64 | [minio](https://dl.min.io/aistor/minio/release/linux-amd64/minio) |\n| Linux | arm64 | [minio](https://dl.min.io/aistor/minio/release/linux-arm64/minio) |\n| macOS | arm64 | [minio](https://dl.min.io/aistor/minio/release/darwin-arm64/minio) |\n| macOS | amd64 | [minio](https://dl.min.io/aistor/minio/release/darwin-amd64/minio) |\n| Windows | amd64 | [minio.exe](https://dl.min.io/aistor/minio/release/windows-amd64/minio.exe) |\n\n#### FIPS Binaries\n\n| Platform | Architecture | Download |\n| -------- | ------------ | --------------------------------------------------------------------------- |\n| Linux | amd64 | [minio.fips](https://dl.min.io/aistor/minio/release/linux-amd64/minio.fips) |\n| Linux | arm64 | [minio.fips](https://dl.min.io/aistor/minio/release/linux-arm64/minio.fips) |\n\n#### Package Downloads\n\n| Format | Architecture | Download |\n| ------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------- |\n| DEB | amd64 | [minio_20251220045837.0.0_amd64.deb](https://dl.min.io/aistor/minio/release/linux-amd64/minio_20251220045837.0.0_amd64.deb) |\n| DEB | arm64 | [minio_20251220045837.0.0_arm64.deb](https://dl.min.io/aistor/minio/release/linux-arm64/minio_20251220045837.0.0_arm64.deb) |\n| RPM | amd64 | [minio-20251220045837.0.0-1.x86_64.rpm](https://dl.min.io/aistor/minio/release/linux-amd64/minio-20251220045837.0.0-1.x86_64.rpm) |\n| RPM | arm64 | [minio-20251220045837.0.0-1.aarch64.rpm](https://dl.min.io/aistor/minio/release/linux-arm64/minio-20251220045837.0.0-1.aarch64.rpm) |\n\n#### Container Images\n\n```bash\n# Standard\ndocker pull 
quay.io/minio/aistor/minio:RELEASE.2025-12-20T04-58-37Z\npodman pull quay.io/minio/aistor/minio:RELEASE.2025-12-20T04-58-37Z\n\n# FIPS\ndocker pull quay.io/minio/aistor/minio:RELEASE.2025-12-20T04-58-37Z.fips\npodman pull quay.io/minio/aistor/minio:RELEASE.2025-12-20T04-58-37Z.fips\n```\n\n#### Homebrew (macOS)\n\n```bash\nbrew install minio/aistor/minio\n```\n\n### Workarounds\n\n- [Users of the open-source `minio/minio` project should upgrade to MinIO AIStor `RELEASE.2025-12-20T04-58-37Z` or later.](https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/community-edition/)\n\nIf upgrading is not immediately possible:\n\n- **Disable S3 Select access via IAM policy.** Deny the `s3:GetObject` action\n with a condition restricting `s3:prefix` on sensitive buckets, or more\n specifically, deny `SelectObjectContent` requests at a reverse proxy by\n blocking `POST` requests with `?select&select-type=2` query parameters.\n\n- **Restrict PutObject permissions.** Limit `s3:PutObject` grants to trusted\n principals to reduce the attack surface. Note: this reduces risk but does not\n eliminate the vulnerability since any authorized user can exploit it.\n\n### References\n\n- Introducing commit: [`7c14cdb60`](https://github.com/minio/minio/commit/7c14cdb60e53dbfdad2be644dfb180cab19fffa7) ([PR #6127](https://github.com/minio/minio/pull/6127))\n- [MinIO AIStor](https://min.io/aistor)",
11+
"severity": [
12+
{
13+
"type": "CVSS_V4",
14+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Go",
21+
"name": "github.com/minio/minio"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0.0.0-20180815103019-7c14cdb60e53"
29+
},
30+
{
31+
"last_affected": "0.0.0-20251203081239-27742d469462"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/minio/minio/security/advisories/GHSA-h749-fxx7-pwpg"
42+
},
43+
{
44+
"type": "ADVISORY",
45+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39414"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/minio/minio/pull/8200"
50+
},
51+
{
52+
"type": "WEB",
53+
"url": "https://github.com/minio/minio/commit/7c14cdb60e53dbfdad2be644dfb180cab19fffa7"
54+
},
55+
{
56+
"type": "WEB",
57+
"url": "https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/community-edition"
58+
},
59+
{
60+
"type": "PACKAGE",
61+
"url": "https://github.com/minio/minio"
62+
}
63+
],
64+
"database_specific": {
65+
"cwe_ids": [
66+
"CWE-770"
67+
],
68+
"severity": "HIGH",
69+
"github_reviewed": true,
70+
"github_reviewed_at": "2026-04-09T17:32:31Z",
71+
"nvd_published_at": "2026-04-08T21:16:58Z"
72+
}
73+
}
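Review bot: the details still carry the GitHub advisory template placeholder "_What kind of vulnerability is it? Who is impacted?_" at the top of Impact; it should be deleted before publication. In the same hunk, the summary "MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing" is missing "is ... by" ("MinIO is affected by a DoS ..."), and the sentence "All MinIO releases are through the final release of the minio/minio open-source project" should read "All MinIO releases through the final release of the minio/minio open-source project are affected". Two substantive points: the first Workarounds bullet ("Disable S3 Select access via IAM policy. Deny the `s3:GetObject` action ...") is broader than it sounds, because S3 Select is authorized by `s3:GetObject` and denying it blocks every object read on those buckets; the reverse-proxy rule that drops POST requests carrying `?select&select-type=2` is the targeted option and should be listed first. And since the fix is published only in MinIO AIStor (RELEASE.2025-12-20T04-58-37Z) while the affected package is the Go module github.com/minio/minio with a `last_affected` event and no `fixed` event, the Patches section should state plainly that no patched version of the open-source module exists, so tooling reading this record does not look for one.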
Lines changed: 55 additions & 0 deletions
@@ -0,0 +1,55 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-q2gc-xjqw-qp89",
4+
"modified": "2026-04-09T17:32:49Z",
5+
"published": "2026-04-09T17:32:49Z",
6+
"aliases": [],
7+
"summary": "OpenClaw: strictInlineEval explicit-approval boundary bypassed by approval-timeout fallback on gateway and node exec hosts",
8+
"details": "## Impact\n\nstrictInlineEval explicit-approval boundary bypassed by approval-timeout fallback on gateway and node exec hosts.\n\nThe approval-timeout fallback could allow inline eval commands that strictInlineEval was meant to require explicit approval for.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<=2026.4.2`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @zsxsoft and @KeenSecurityLab for reporting.",
9+
"severity": [
10+
{
11+
"type": "CVSS_V4",
12+
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
13+
}
14+
],
15+
"affected": [
16+
{
17+
"package": {
18+
"ecosystem": "npm",
19+
"name": "openclaw"
20+
},
21+
"ranges": [
22+
{
23+
"type": "ECOSYSTEM",
24+
"events": [
25+
{
26+
"introduced": "0"
27+
},
28+
{
29+
"fixed": "2026.4.8"
30+
}
31+
]
32+
}
33+
]
34+
}
35+
],
36+
"references": [
37+
{
38+
"type": "WEB",
39+
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q2gc-xjqw-qp89"
40+
},
41+
{
42+
"type": "PACKAGE",
43+
"url": "https://github.com/openclaw/openclaw"
44+
}
45+
],
46+
"database_specific": {
47+
"cwe_ids": [
48+
"CWE-20"
49+
],
50+
"severity": "MODERATE",
51+
"github_reviewed": true,
52+
"github_reviewed_at": "2026-04-09T17:32:49Z",
53+
"nvd_published_at": null
54+
}
55+
}
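Review bot: the Impact section restates the title twice and never says what the approval-timeout fallback actually did, i.e. whether an inline eval command whose approval request timed out was executed instead of denied, and on which hosts (the summary names gateway and node exec hosts). Without that, an operator cannot tell whether a deployment using strictInlineEval with approvals enabled was exposed; suggest one sentence on the pre-fix fallback and one on the post-fix behaviour (whether a timeout now fails closed). Also, "Affected versions: `<=2026.4.2`" does not match the range (introduced 0, fixed 2026.4.8): versions 2026.4.3 through 2026.4.7, if any were published, are covered by the range but not by the prose, so the prose should say "<2026.4.8".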
Lines changed: 55 additions & 0 deletions
@@ -0,0 +1,55 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-qqq7-4hxc-x63c",
4+
"modified": "2026-04-09T17:32:58Z",
5+
"published": "2026-04-09T17:32:58Z",
6+
"aliases": [],
7+
"summary": "OpenClaw: Shared reply MEDIA - paths are treated as trusted and can trigger cross-channel local file exfiltration",
8+
"details": "## Impact\n\nShared reply MEDIA: paths are treated as trusted and can trigger cross-channel local file exfiltration.\n\nA crafted shared reply MEDIA reference could cause another channel to read a local file path as trusted generated media.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<=2026.4.4`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @threalwinky for reporting.",
9+
"severity": [
10+
{
11+
"type": "CVSS_V4",
12+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
13+
}
14+
],
15+
"affected": [
16+
{
17+
"package": {
18+
"ecosystem": "npm",
19+
"name": "openclaw"
20+
},
21+
"ranges": [
22+
{
23+
"type": "ECOSYSTEM",
24+
"events": [
25+
{
26+
"introduced": "0"
27+
},
28+
{
29+
"fixed": "2026.4.8"
30+
}
31+
]
32+
}
33+
]
34+
}
35+
],
36+
"references": [
37+
{
38+
"type": "WEB",
39+
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qqq7-4hxc-x63c"
40+
},
41+
{
42+
"type": "PACKAGE",
43+
"url": "https://github.com/openclaw/openclaw"
44+
}
45+
],
46+
"database_specific": {
47+
"cwe_ids": [
48+
"CWE-668"
49+
],
50+
"severity": "MODERATE",
51+
"github_reviewed": true,
52+
"github_reviewed_at": "2026-04-09T17:32:58Z",
53+
"nvd_published_at": null
54+
}
55+
}
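Review bot: the summary writes the marker as "MEDIA - paths" while the details write "MEDIA: paths", so it is unclear whether the trusted token is a literal `MEDIA:` prefix; the summary should use the same spelling as the details, and the details should show what a crafted reference looks like and which boundary is crossed (a reply produced in one channel is re-read as a local file path by another), since "cross-channel local file exfiltration" is the entire impact statement. Same version mismatch as the other two OpenClaw records in this commit: the prose says "<=2026.4.4" while the range says fixed 2026.4.8, so the prose should say "<2026.4.8".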
Lines changed: 55 additions & 0 deletions
@@ -0,0 +1,55 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-whf9-3hcx-gq54",
4+
"modified": "2026-04-09T17:33:05Z",
5+
"published": "2026-04-09T17:33:05Z",
6+
"aliases": [],
7+
"summary": "OpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing",
8+
"details": "## Impact\n\nOpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing.\n\nDevice token rotation could mint or preserve roles/scopes that had not gone through the intended pairing approval.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= v2026.04.01`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @nicky-cc of Tencent zhuque Lab ([https://github.com/Tencent/AI-Infra-Guard](https://github.com/Tencent/AI-Infra-Guard)) for reporting.",
9+
"severity": [
10+
{
11+
"type": "CVSS_V4",
12+
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
13+
}
14+
],
15+
"affected": [
16+
{
17+
"package": {
18+
"ecosystem": "npm",
19+
"name": "openclaw"
20+
},
21+
"ranges": [
22+
{
23+
"type": "ECOSYSTEM",
24+
"events": [
25+
{
26+
"introduced": "0"
27+
},
28+
{
29+
"fixed": "2026.4.8"
30+
}
31+
]
32+
}
33+
]
34+
}
35+
],
36+
"references": [
37+
{
38+
"type": "WEB",
39+
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-whf9-3hcx-gq54"
40+
},
41+
{
42+
"type": "PACKAGE",
43+
"url": "https://github.com/openclaw/openclaw"
44+
}
45+
],
46+
"database_specific": {
47+
"cwe_ids": [
48+
"CWE-863"
49+
],
50+
"severity": "MODERATE",
51+
"github_reviewed": true,
52+
"github_reviewed_at": "2026-04-09T17:33:05Z",
53+
"nvd_published_at": null
54+
}
55+
}
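Review bot: "Affected versions: `<= v2026.04.01`" is not a valid npm version string (leading "v", zero-padded components) and does not match the range, which runs from introduced 0 to fixed 2026.4.8; it should read "<2026.4.8", or at minimum "2026.4.1" in the same form as the other two OpenClaw records. More important for operators: the details say rotation "could mint or preserve roles/scopes that had not gone through the intended pairing approval", which means tokens already minted that way remain valid after upgrading to 2026.4.8 unless they are revoked. The advisory should say whether the fix invalidates existing device tokens or whether operators must re-pair devices or rotate tokens after upgrading.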
