Publish Advisories

GHSA-rvhj-8chj-8v3c
GHSA-5jg4-p4qw-cgfr
GHSA-rvhj-8chj-8v3c

Author: advisory-database[bot]

advisories/github-reviewed/2026/03/GHSA-rvhj-8chj-8v3c/GHSA-rvhj-8chj-8v3c.json

@@ -0,0 +1,69 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rvhj-8chj-8v3c",
+  "modified": "2026-04-04T05:32:07Z",
+  "published": "2026-03-31T15:31:56Z",
+  "aliases": [
+    "CVE-2026-0596"
+  ],
+  "summary": "Mflow: Command Injection when serving models with enable_mlserver=True",
+  "details": "A command injection vulnerability exists in Mflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash -c` without proper sanitization. If the `model_uri` contains shell metacharacters, such as `$()` or backticks, it allows for command substitution and execution of attacker-controlled commands. This vulnerability affects the latest version of mlflow/mlflow and can lead to privilege escalation if a higher-privileged service serves models from a directory writable by lower-privileged users.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "mflow"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "3.9.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0596"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/mlflow/mlflow/pull/19738"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/mlflow/mlflow/commit/202fac4c83ccc8544c087c142b80196d0e60695c"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/mlflow/mlflow"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.com/bounties/2e905add-f9f5-4309-a3db-b17de5981285"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-04T05:32:07Z",
+    "nvd_published_at": "2026-03-31T15:16:10Z"
+  }
+}

advisories/github-reviewed/2026/04/GHSA-5jg4-p4qw-cgfr/GHSA-5jg4-p4qw-cgfr.json

@@ -0,0 +1,59 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5jg4-p4qw-cgfr",
+  "modified": "2026-04-04T05:33:09Z",
+  "published": "2026-04-04T05:33:09Z",
+  "aliases": [],
+  "summary": "@stablelib/cbor: Stack exhaustion Denial of Service via deeply nested CBOR arrays, maps, or tags",
+  "details": "### Summary\n\n`@stablelib/cbor` decodes nested CBOR structures recursively and does not enforce a maximum nesting depth. A sufficiently deep attacker-controlled CBOR payload can therefore crash decoding with `RangeError: Maximum call stack size exceeded`.\n\n### Details\n\nThe decoder processes arrays, maps, and tagged values through recursive calls. Each nested container causes another descent into `_decodeValue()` until a leaf value is reached.\n\nThere is no depth limit, no iterative fallback, and no protection against pathological nesting. An attacker can therefore supply a payload made of thousands of nested arrays, maps, or tags and force the decoder to recurse until the JavaScript call stack is exhausted.\n\n### PoC\n\n```js\nimport { decode } from \"@stablelib/cbor\";\n\nconst depth = 12000;\nconst payload = new Uint8Array(depth + 1);\n\n// Build [[[...[null]...]]]\npayload.fill(0x81, 0, depth); // array(1)\npayload[depth] = 0xf6;        // null\n\ndecode(payload);\n// RangeError: Maximum call stack size exceeded\n```\n\n### Impact\n\nAny application that decodes attacker-controlled CBOR can be forced into a reliable denial of service with a single crafted payload.\n\nThe immediate result is an exception during decoding. In services that do not catch that exception safely, the request fails and the worker or process handling the decode may terminate.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@stablelib/cbor"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.0.3"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/StableLib/stablelib/security/advisories/GHSA-5jg4-p4qw-cgfr"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/StableLib/stablelib/commit/0149e18d9d4736e22c257744ca945ebce7899a01"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/StableLib/stablelib"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-674"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-04T05:33:09Z",
+    "nvd_published_at": null
+  }
+}