Skip to content

Commit d867bfa

Browse files
1 parent 5cf2683 commit d867bfa

5 files changed

Lines changed: 357 additions & 41 deletions

File tree

Lines changed: 61 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,61 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-83c5-hghm-jg6r",
4+
"modified": "2026-07-01T17:54:35Z",
5+
"published": "2023-07-21T21:30:32Z",
6+
"withdrawn": "2026-07-01T17:54:35Z",
7+
"aliases": [],
8+
"summary": "Duplicate Advisory: Open Babel has out-of-bounds write in MSI translationVectors[]",
9+
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-f8h2-c479-vqxf. This link is maintained to preserve external references.\n\n## Original Description\nMultiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the Gaussian file format",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [
17+
{
18+
"package": {
19+
"ecosystem": "PyPI",
20+
"name": "openbabel"
21+
},
22+
"ranges": [
23+
{
24+
"type": "ECOSYSTEM",
25+
"events": [
26+
{
27+
"introduced": "0"
28+
},
29+
{
30+
"fixed": "3.2.0"
31+
}
32+
]
33+
}
34+
]
35+
}
36+
],
37+
"references": [
38+
{
39+
"type": "ADVISORY",
40+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46295"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1666"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-119",
54+
"CWE-787"
55+
],
56+
"severity": "CRITICAL",
57+
"github_reviewed": true,
58+
"github_reviewed_at": "2026-07-01T17:54:35Z",
59+
"nvd_published_at": "2023-07-21T21:15:11Z"
60+
}
61+
}
Lines changed: 121 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,121 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2v4m-fw6c-g78f",
4+
"modified": "2026-07-01T17:56:51Z",
5+
"published": "2026-07-01T17:56:51Z",
6+
"aliases": [
7+
"CVE-2026-39379"
8+
],
9+
"summary": "GeoNetwork has reflected XSS through client-side template injection",
10+
"details": "### Summary\nIt is possible to craft a URL that causes GeoNetwork to reflect attacker-controlled content into an error page in a way that gets evaluated as a client-side template expression. Combined with known AngularJS sandbox-escape techniques, this can be used to execute arbitrary JavaScript in the victim's browser (reflected Cross-Site Scripting via client-side template injection).\n\n### Details\nWhen a user requests a service URL that does not exist or that they are not authorized to access, GeoNetwork shows an error page that reflects part of the original request back to the user without adequately neutralizing it for the context it is rendered in. Because this error page is an AngularJS application, attacker-controlled content in the reflected value can be interpreted as a template expression and evaluated once the page loads in the victim's browser, rather than being displayed as inert text.\n\n### Impact\nAn attacker can trick a user (including an administrator) into visiting a crafted link. The resulting script execution runs in the context of the victim's authenticated session and can be used to exfiltrate information or perform actions on the victim's behalf. For example, an attacker could inject a fake login form that looks identical to the legitimate GeoNetwork login page to harvest credentials.\n\nGeoNetwork 3.x and 4.0.x are archived/unmaintained and will not receive a fix for this issue. Instances running those lines should upgrade to a supported release (4.2.15 or later, or 4.4.10 or later).",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Maven",
21+
"name": "org.geonetwork-opensource:geonetwork"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "3.0.0"
29+
},
30+
{
31+
"last_affected": "3.12.12"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "Maven",
40+
"name": "org.geonetwork-opensource:geonetwork"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "4.0.0-alpha.1"
48+
},
49+
{
50+
"last_affected": "4.0.6"
51+
}
52+
]
53+
}
54+
]
55+
},
56+
{
57+
"package": {
58+
"ecosystem": "Maven",
59+
"name": "org.geonetwork-opensource:geonetwork"
60+
},
61+
"ranges": [
62+
{
63+
"type": "ECOSYSTEM",
64+
"events": [
65+
{
66+
"introduced": "4.2.0"
67+
},
68+
{
69+
"fixed": "4.2.15"
70+
}
71+
]
72+
}
73+
],
74+
"database_specific": {
75+
"last_known_affected_version_range": "<= 4.2.14"
76+
}
77+
},
78+
{
79+
"package": {
80+
"ecosystem": "Maven",
81+
"name": "org.geonetwork-opensource:geonetwork"
82+
},
83+
"ranges": [
84+
{
85+
"type": "ECOSYSTEM",
86+
"events": [
87+
{
88+
"introduced": "4.4.0"
89+
},
90+
{
91+
"fixed": "4.4.10"
92+
}
93+
]
94+
}
95+
],
96+
"database_specific": {
97+
"last_known_affected_version_range": "<= 4.4.9"
98+
}
99+
}
100+
],
101+
"references": [
102+
{
103+
"type": "WEB",
104+
"url": "https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-2v4m-fw6c-g78f"
105+
},
106+
{
107+
"type": "PACKAGE",
108+
"url": "https://github.com/geonetwork/core-geonetwork"
109+
}
110+
],
111+
"database_specific": {
112+
"cwe_ids": [
113+
"CWE-1336",
114+
"CWE-79"
115+
],
116+
"severity": "HIGH",
117+
"github_reviewed": true,
118+
"github_reviewed_at": "2026-07-01T17:56:51Z",
119+
"nvd_published_at": null
120+
}
121+
}
Lines changed: 101 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,101 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-582q-v28r-7cxr",
4+
"modified": "2026-07-01T17:57:13Z",
5+
"published": "2026-07-01T17:57:13Z",
6+
"aliases": [
7+
"CVE-2026-46487"
8+
],
9+
"summary": "GeoNetwork has ACL bypass on Elasticsearch search when request body omits query field",
10+
"details": "### Summary\nGeoNetwork's Elasticsearch-backed search API is responsible for injecting access-control and visibility filters into every request before it reaches the underlying Elasticsearch index. Under certain request conditions, that filtering step does not run, allowing an unauthenticated user to retrieve indexed metadata records that should be restricted, including records limited to specific groups.\n\n### Details\nThe search proxy layer forwards client-supplied search requests to Elasticsearch after adding GeoNetwork's own access-control and filter clauses. A flaw in how that filter-injection step is triggered means it can be skipped under certain conditions, so the affected request reaches Elasticsearch without the intended access restrictions applied.\n\n### Impact\nThis is an authorization bypass leading to information disclosure (CWE-862: Missing Authorization). The skipped filter step is responsible for enforcing several layers of access control at once: group-based record visibility, draft record exclusion, record ownership checks, and portal-specific filtering.\n\nAny public-facing GeoNetwork 4.x instance (4.0.0-alpha.1 through 4.4.10) is affected. An unauthenticated attacker can retrieve the full contents of metadata records that should not be publicly visible.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Maven",
21+
"name": "org.geonetwork-opensource:geonetwork"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "4.0.0-alpha.1"
29+
},
30+
{
31+
"last_affected": "4.0.6-0"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "Maven",
40+
"name": "org.geonetwork-opensource:geonetwork"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "4.2.0"
48+
},
49+
{
50+
"fixed": "4.2.16"
51+
}
52+
]
53+
}
54+
],
55+
"database_specific": {
56+
"last_known_affected_version_range": "<= 4.2.15"
57+
}
58+
},
59+
{
60+
"package": {
61+
"ecosystem": "Maven",
62+
"name": "org.geonetwork-opensource:geonetwork"
63+
},
64+
"ranges": [
65+
{
66+
"type": "ECOSYSTEM",
67+
"events": [
68+
{
69+
"introduced": "4.4.0"
70+
},
71+
{
72+
"fixed": "4.4.11"
73+
}
74+
]
75+
}
76+
],
77+
"database_specific": {
78+
"last_known_affected_version_range": "<= 4.4.10-0"
79+
}
80+
}
81+
],
82+
"references": [
83+
{
84+
"type": "WEB",
85+
"url": "https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-582q-v28r-7cxr"
86+
},
87+
{
88+
"type": "PACKAGE",
89+
"url": "https://github.com/geonetwork/core-geonetwork"
90+
}
91+
],
92+
"database_specific": {
93+
"cwe_ids": [
94+
"CWE-862"
95+
],
96+
"severity": "HIGH",
97+
"github_reviewed": true,
98+
"github_reviewed_at": "2026-07-01T17:57:13Z",
99+
"nvd_published_at": null
100+
}
101+
}
Lines changed: 74 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,74 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-f8h2-c479-vqxf",
4+
"modified": "2026-07-01T17:54:42Z",
5+
"published": "2026-07-01T17:54:42Z",
6+
"aliases": [
7+
"CVE-2022-46295"
8+
],
9+
"summary": "Open Babel has out-of-bounds write in MSI translationVectors[]",
10+
"details": "### Summary\n\nA memory-safety vulnerability in Open Babel's MSI parser allowed an\nout-of-bounds write into the `translationVectors[]` array when\nreading a crafted input file.\n\n### Details\n\nThe MSI reader stored cell translation vectors into a fixed-size\n`translationVectors[]` array. A malformed input could push more\nvectors than the array had slots, causing a write past the end of\nthe array. One of five `translationVectors[]` OOB writes in the\nTALOS 2022 batch.\n\n### Impact\n\nOpen Babel is a C++ library and CLI used to read and write chemistry\nfile formats; it is shipped by Linux distributions and embedded in\nservices that may parse untrusted input. Triggering this vulnerability\nrequires the victim to open a malicious MSI file with the `obabel`\ntool, the `OBConversion` API, or any of the language bindings (Python,\nRuby, Java, R, Perl, C#, PHP).\n\n### Affected versions\n\nAll releases up to and including 3.1.1.\n\n### Patched version\n\n3.2.0 (released 2026-05-26).\n\n### Patch\n\nFix commit: https://github.com/openbabel/openbabel/commit/40e85213\n\nA minimized reproducer for this CVE is checked in under\n`test/files/fuzz_regress/` and is exercised on every CI build under\nASAN+UBSAN by the `fuzzregresstest` harness.\n\n### Credit\n\nReported by Cisco TALOS.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "PyPI",
21+
"name": "openbabel"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "3.2.0"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/openbabel/openbabel/security/advisories/GHSA-f8h2-c479-vqxf"
42+
},
43+
{
44+
"type": "ADVISORY",
45+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46295"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/openbabel/openbabel/commit/40e852138f21d586b7ccdce6329e7b23a87168bb"
50+
},
51+
{
52+
"type": "PACKAGE",
53+
"url": "https://github.com/openbabel/openbabel"
54+
},
55+
{
56+
"type": "WEB",
57+
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666"
58+
},
59+
{
60+
"type": "WEB",
61+
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1666"
62+
}
63+
],
64+
"database_specific": {
65+
"cwe_ids": [
66+
"CWE-119",
67+
"CWE-787"
68+
],
69+
"severity": "HIGH",
70+
"github_reviewed": true,
71+
"github_reviewed_at": "2026-07-01T17:54:42Z",
72+
"nvd_published_at": null
73+
}
74+
}

0 commit comments

Comments
 (0)