Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit bb69fbcf8643 · 2026-03-18T20:22:15.000Z
GHSA-c267-rfvc-mvpm GHSA-g9f6-9775-hffm GHSA-j5q5-j9gm-2w5c GHSA-rp9g-qx29-88cp GHSA-c267-rfvc-mvpm
diff --git a/advisories/github-reviewed/2026/03/GHSA-c267-rfvc-mvpm/GHSA-c267-rfvc-mvpm.json b/advisories/github-reviewed/2026/03/GHSA-c267-rfvc-mvpm/GHSA-c267-rfvc-mvpm.json
@@ -0,0 +1,88 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c267-rfvc-mvpm",
+  "modified": "2026-03-18T20:20:39Z",
+  "published": "2026-03-18T09:30:29Z",
+  "aliases": [
+    "CVE-2026-22730"
+  ],
+  "summary": "SQL Injection in Spring AI MariaDBFilterExpressionConverter",
+  "details": "A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands.\n\nThe vulnerability exists due to missing input sanitization.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.springframework.ai:spring-ai-mariadb-store"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.1.0-M1"
+            },
+            {
+              "fixed": "1.1.3"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.springframework.ai:spring-ai-mariadb-store"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.0.4"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22730"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/spring-projects/spring-ai"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/spring-projects/spring-ai/releases/tag/v1.0.4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/spring-projects/spring-ai/releases/tag/v1.1.3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://spring.io/security/cve-2026-22730"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-18T20:20:39Z",
+    "nvd_published_at": "2026-03-18T08:16:31Z"
+  }
+}
diff --git a/advisories/github-reviewed/2026/03/GHSA-g9f6-9775-hffm/GHSA-g9f6-9775-hffm.json b/advisories/github-reviewed/2026/03/GHSA-g9f6-9775-hffm/GHSA-g9f6-9775-hffm.json
@@ -0,0 +1,62 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g9f6-9775-hffm",
+  "modified": "2026-03-18T20:21:37Z",
+  "published": "2026-03-18T20:21:37Z",
+  "aliases": [
+    "CVE-2026-33221"
+  ],
+  "summary": "Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload",
+  "details": "## Summary\n\nThe storage service's file upload handler trusts the client-provided `Content-Type` header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type, bypassing any MIME-type-based restrictions configured on storage buckets.\n\n## Affected Component\n\n- **Service**: `services/storage`\n- **File**: `services/storage/controller/upload_files.go`\n- **Function**: `getMultipartFile` (lines 48-70)\n\n## Root Cause\n\nIn `getMultipartFile`, if the client provides a non-empty `Content-Type` header that isn't `application/octet-stream`, the function returns it as-is without performing content-based detection:\n\n```go\ncontentType := file.header.Header.Get(\"Content-Type\")\nif contentType != \"\" && contentType != \"application/octet-stream\" {\n    return fileContent, contentType, nil // skip detection entirely\n}\n\n// mimetype.DetectReader only reached if client sends no Content-Type\n// or sends application/octet-stream\nmt, err := mimetype.DetectReader(fileContent)\n```\n\n## Impact\n\n**Incorrect MIME type in file metadata.** The MIME type stored in file metadata reflects what the client claims rather than what the file actually contains. Any system consuming this metadata (browsers, CDNs, applications) may handle the file incorrectly based on the spoofed type.\n\n## Suggested Fix\n\nAlways detect MIME type from file content using `mimetype.DetectReader`, ignoring the client-provided `Content-Type` header entirely.\n\n## References\n\n- CWE-345: Insufficient Verification of Data Authenticity\n- CWE-434: Unrestricted Upload of File with Dangerous Type",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/nhost/nhost"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.0.0-20260318074820-c4bd53f042d7"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/nhost/nhost/security/advisories/GHSA-g9f6-9775-hffm"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/nhost/nhost/commit/c4bd53f042d7f568e567e18e2665af81660fce85"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/nhost/nhost"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-345",
+      "CWE-434"
+    ],
+    "severity": "LOW",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-18T20:21:37Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/03/GHSA-j5q5-j9gm-2w5c/GHSA-j5q5-j9gm-2w5c.json b/advisories/github-reviewed/2026/03/GHSA-j5q5-j9gm-2w5c/GHSA-j5q5-j9gm-2w5c.json
@@ -0,0 +1,133 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j5q5-j9gm-2w5c",
+  "modified": "2026-03-18T20:20:10Z",
+  "published": "2026-03-18T20:20:10Z",
+  "aliases": [
+    "CVE-2026-33211"
+  ],
+  "summary": "Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod",
+  "details": "### Summary\n\nThe Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`.\n\n### Details\n\nThe git resolver's `getFileContent()` function in `pkg/resolution/resolver/git/repository.go` constructs a file path by joining the repository clone directory with the user-supplied `pathInRepo` parameter:\n\n```go\nfileContents, err := os.ReadFile(filepath.Join(repo.directory, path))\n```\n\nThe `pathInRepo` parameter is not validated for path traversal sequences. An attacker can supply values like `../../../../etc/passwd` to escape the cloned repository directory and read arbitrary files from the resolver pod's filesystem.\n\nThe vulnerability was introduced in commit `318006c4e3a5` which switched the git resolver from the go-git library (using an in-memory filesystem that cannot be escaped) to shelling out to the `git` binary and reading files with `os.ReadFile()` from the real filesystem.\n\n### Impact\n\n**Arbitrary file read** — A namespace-scoped tenant who can create `TaskRuns` or `PipelineRuns` with git resolver parameters can read any file readable by the resolver pod process.\n\n**Credential exfiltration and privilege escalation** — The resolver pod's ServiceAccount token is readable at a well-known path (`/var/run/secrets/kubernetes.io/serviceaccount/token`). In the default RBAC configuration, the `tekton-pipelines-resolvers` ServiceAccount has `get`, `list`, and `watch` permissions on `secrets` cluster-wide. An attacker who exfiltrates this token gains the ability to read all Secrets across all namespaces, escalating from namespace-scoped access to cluster-wide secret access.\n\n### Patches\n\nFixed in 1.0.x, 1.3.x, 1.6.x, 1.9.x, 1.10.x.\n\nThe fix validates `pathInRepo` to reject paths containing `..` components at parameter validation time, and adds a containment check using `filepath.EvalSymlinks()` to prevent symlink-based escapes from attacker-controlled repositories.\n\n### Workarounds\n\nThere is no workaround other than restricting which users can create `TaskRuns`, `PipelineRuns`, or `ResolutionRequests` that use the git resolver. Administrators can also reduce the impact by scoping the resolver pod's ServiceAccount RBAC permissions using a custom `ClusterRole` with more restrictive rules.\n\n### Affected Versions\n\nAll releases from **v1.0.0** through **v1.10.0**, including all patch releases:\n\n- v1.0.0, v1.1.0, v1.2.0\n- v1.3.0, v1.3.1, v1.3.2\n- v1.4.0, v1.5.0, v1.6.0, v1.7.0\n- v1.9.0, v1.9.1, v1.10.0\n\nReleases prior to v1.0.0 (e.g. v0.70.0 and earlier) are **not affected** because they used the go-git library's in-memory filesystem where path traversal cannot escape the git worktree.\n\n### Acknowledgments\n\nThis vulnerability was reported by Oleh Konko (@1seal), who provided a thorough vulnerability analysis, proof-of-concept, and review of the fix. Thank you!\n\n### References\n\n- Fix: _(link to merged PR/commit)_\n- Introduced in: `318006c4e3a5` (\"fix: resolve Git Anonymous Resolver excessive memory usage\")",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/tektoncd/pipeline"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.0.0"
+            },
+            {
+              "fixed": "1.0.1"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/tektoncd/pipeline"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.1.0"
+            },
+            {
+              "fixed": "1.3.3"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/tektoncd/pipeline"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.4.0"
+            },
+            {
+              "fixed": "1.6.1"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/tektoncd/pipeline"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.7.0"
+            },
+            {
+              "fixed": "1.9.2"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/tektoncd/pipeline"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.10.0"
+            },
+            {
+              "fixed": "1.10.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/tektoncd/pipeline"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-18T20:20:10Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/03/GHSA-rp9g-qx29-88cp/GHSA-rp9g-qx29-88cp.json b/advisories/github-reviewed/2026/03/GHSA-rp9g-qx29-88cp/GHSA-rp9g-qx29-88cp.json
@@ -1,24 +1,76 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rp9g-qx29-88cp",
-  "modified": "2026-03-18T18:31:14Z",
+  "modified": "2026-03-18T20:20:26Z",
   "published": "2026-03-18T09:30:28Z",
   "aliases": [
     "CVE-2026-22729"
   ],
+  "summary": "JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter",
   "details": "A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper escaping, enabling attackers to inject arbitrary JSONPath logic and access unauthorized documents.\n\nThis vulnerability affects applications using vector stores that extend AbstractFilterExpressionConverter for multi-tenant isolation, role-based access control, or document filtering based on metadata.\n\nThe vulnerability occurs when user-supplied values in filter expressions are not escaped before being inserted into JSONPath queries. Special characters like \", ||, and && are passed through unescaped, allowing injection of arbitrary JSONPath logic that can alter the intended query semantics.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.springframework.ai:spring-ai-vector-store"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.1.0-M1"
+            },
+            {
+              "fixed": "1.1.3"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.springframework.ai:spring-ai-vector-store"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.0.4"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22729"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/spring-projects/spring-ai"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/spring-projects/spring-ai/releases/tag/v1.0.4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/spring-projects/spring-ai/releases/tag/v1.1.3"
+    },
     {
       "type": "WEB",
       "url": "https://spring.io/security/cve-2026-22729"
@@ -29,8 +81,8 @@
       "CWE-917"
     ],
     "severity": "HIGH",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-18T20:20:26Z",
     "nvd_published_at": "2026-03-18T08:16:31Z"
   }
 }
diff --git a/advisories/unreviewed/2026/03/GHSA-c267-rfvc-mvpm/GHSA-c267-rfvc-mvpm.json b/advisories/unreviewed/2026/03/GHSA-c267-rfvc-mvpm/GHSA-c267-rfvc-mvpm.json
