Skip to content

Commit fbbda7d

Browse files
1 parent 7d31127 commit fbbda7d

10 files changed

Lines changed: 814 additions & 17 deletions

File tree

advisories/unreviewed/2026/06/GHSA-3c3g-7hwg-9qmr/GHSA-3c3g-7hwg-9qmr.json renamed to advisories/github-reviewed/2026/06/GHSA-3c3g-7hwg-9qmr/GHSA-3c3g-7hwg-9qmr.json

Lines changed: 27 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,12 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-3c3g-7hwg-9qmr",
4-
"modified": "2026-06-02T03:31:26Z",
4+
"modified": "2026-07-09T13:44:24Z",
55
"published": "2026-06-02T03:31:26Z",
66
"aliases": [
77
"CVE-2026-10566"
88
],
9+
"summary": " FoundationAgents MetaGPT: Deserialization through flawed argument mapping via Message.check_instruct_content()",
910
"details": "A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
1011
"severity": [
1112
{
@@ -14,10 +15,30 @@
1415
},
1516
{
1617
"type": "CVSS_V4",
17-
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
19+
}
20+
],
21+
"affected": [
22+
{
23+
"package": {
24+
"ecosystem": "PyPI",
25+
"name": "metagpt"
26+
},
27+
"ranges": [
28+
{
29+
"type": "ECOSYSTEM",
30+
"events": [
31+
{
32+
"introduced": "0"
33+
},
34+
{
35+
"last_affected": "0.8.2"
36+
}
37+
]
38+
}
39+
]
1840
}
1941
],
20-
"affected": [],
2142
"references": [
2243
{
2344
"type": "ADVISORY",
@@ -28,7 +49,7 @@
2849
"url": "https://github.com/FoundationAgents/MetaGPT/issues/2038"
2950
},
3051
{
31-
"type": "WEB",
52+
"type": "PACKAGE",
3253
"url": "https://github.com/FoundationAgents/MetaGPT"
3354
},
3455
{
@@ -53,8 +74,8 @@
5374
"CWE-20"
5475
],
5576
"severity": "LOW",
56-
"github_reviewed": false,
57-
"github_reviewed_at": null,
77+
"github_reviewed": true,
78+
"github_reviewed_at": "2026-07-09T13:44:24Z",
5879
"nvd_published_at": "2026-06-02T03:16:16Z"
5980
}
6081
}

advisories/unreviewed/2026/06/GHSA-95f6-rfpg-c3w8/GHSA-95f6-rfpg-c3w8.json renamed to advisories/github-reviewed/2026/06/GHSA-95f6-rfpg-c3w8/GHSA-95f6-rfpg-c3w8.json

Lines changed: 28 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,12 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-95f6-rfpg-c3w8",
4-
"modified": "2026-06-02T00:31:57Z",
4+
"modified": "2026-07-09T13:43:46Z",
55
"published": "2026-06-02T00:31:57Z",
66
"aliases": [
77
"CVE-2026-10291"
88
],
9+
"summary": "Claw Orchestrator has inefficient regular expression complexity via validateRegex()",
910
"details": "A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 3.7.1 is sufficient to resolve this issue. The identifier of the patch is 3f970a974c65a94555c25af9f2796f11315e4584. It is recommended to upgrade the affected component.",
1011
"severity": [
1112
{
@@ -14,10 +15,30 @@
1415
},
1516
{
1617
"type": "CVSS_V4",
17-
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
19+
}
20+
],
21+
"affected": [
22+
{
23+
"package": {
24+
"ecosystem": "npm",
25+
"name": "@enderfga/claw-orchestrator"
26+
},
27+
"ranges": [
28+
{
29+
"type": "ECOSYSTEM",
30+
"events": [
31+
{
32+
"introduced": "0"
33+
},
34+
{
35+
"fixed": "3.7.1"
36+
}
37+
]
38+
}
39+
]
1840
}
1941
],
20-
"affected": [],
2142
"references": [
2243
{
2344
"type": "ADVISORY",
@@ -36,7 +57,7 @@
3657
"url": "https://github.com/Enderfga/claw-orchestrator/commit/3f970a974c65a94555c25af9f2796f11315e4584"
3758
},
3859
{
39-
"type": "WEB",
60+
"type": "PACKAGE",
4061
"url": "https://github.com/Enderfga/claw-orchestrator"
4162
},
4263
{
@@ -62,11 +83,12 @@
6283
],
6384
"database_specific": {
6485
"cwe_ids": [
86+
"CWE-1333",
6587
"CWE-400"
6688
],
6789
"severity": "MODERATE",
68-
"github_reviewed": false,
69-
"github_reviewed_at": null,
90+
"github_reviewed": true,
91+
"github_reviewed_at": "2026-07-09T13:43:46Z",
7092
"nvd_published_at": "2026-06-01T22:16:24Z"
7193
}
7294
}

advisories/unreviewed/2026/06/GHSA-m2jr-x4gq-5rmj/GHSA-m2jr-x4gq-5rmj.json renamed to advisories/github-reviewed/2026/06/GHSA-m2jr-x4gq-5rmj/GHSA-m2jr-x4gq-5rmj.json

Lines changed: 30 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,12 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-m2jr-x4gq-5rmj",
4-
"modified": "2026-06-02T00:31:58Z",
4+
"modified": "2026-07-09T13:43:55Z",
55
"published": "2026-06-02T00:31:58Z",
66
"aliases": [
77
"CVE-2026-10300"
88
],
9+
"summary": "SGLang: Reachable Assertion via  lora_path  in LoRAManager enables remote Denial of Dervice",
910
"details": "A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora_manager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lora_path leads to reachable assertion. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.",
1011
"severity": [
1112
{
@@ -14,10 +15,30 @@
1415
},
1516
{
1617
"type": "CVSS_V4",
17-
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
19+
}
20+
],
21+
"affected": [
22+
{
23+
"package": {
24+
"ecosystem": "PyPI",
25+
"name": "sglang"
26+
},
27+
"ranges": [
28+
{
29+
"type": "ECOSYSTEM",
30+
"events": [
31+
{
32+
"introduced": "0"
33+
},
34+
{
35+
"last_affected": "0.5.10.post1"
36+
}
37+
]
38+
}
39+
]
1840
}
1941
],
20-
"affected": [],
2142
"references": [
2243
{
2344
"type": "ADVISORY",
@@ -31,6 +52,10 @@
3152
"type": "WEB",
3253
"url": "https://github.com/sgl-project/sglang/pull/25078"
3354
},
55+
{
56+
"type": "WEB",
57+
"url": "https://github.com/sgl-project/sglang"
58+
},
3459
{
3560
"type": "WEB",
3661
"url": "https://vuldb.com/cve/CVE-2026-10300"
@@ -53,8 +78,8 @@
5378
"CWE-617"
5479
],
5580
"severity": "LOW",
56-
"github_reviewed": false,
57-
"github_reviewed_at": null,
81+
"github_reviewed": true,
82+
"github_reviewed_at": "2026-07-09T13:43:55Z",
5883
"nvd_published_at": "2026-06-01T23:16:19Z"
5984
}
6085
}
Lines changed: 59 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,59 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-382c-vx95-w3p5",
4+
"modified": "2026-07-09T13:44:51Z",
5+
"published": "2026-07-09T13:44:51Z",
6+
"aliases": [],
7+
"summary": "Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data",
8+
"details": "### Summary\n \n`GET /v1/contributors/:login/profile` and the `gittensory_get_contributor_profile` MCP tool skip the contributor-scoped access check that every sibling endpoint enforces. Any authenticated session/API/MCP token holder can read any contributor's profile; for confirmed Gittensor miners that exposes `alphaPerDay`, `taoPerDay`, `usdPerDay` (and the `hotkey` on the REST path). Authenticated cross-contributor disclosure, CWE-284 / IDOR.\n \n### Details\n \nIn `src/api/routes.ts` the profile handler returns `buildContributorProfile(...)` with no `requireContributorAccess` call. Every sibling (`/decision-pack`, `/repos/:owner/:repo/decision`, etc.) gates and 403s on a cross-contributor request — the profile route is the only omission. `buildContributorProfile` (`src/signals/engine.ts`) embeds `hotkey` and the three `*PerDay` fields for any confirmed miner.\n \nThe MCP tool `getContributorProfile` (`src/mcp/server.ts`) also omits `requireContributorAccess`. Its `redactSensitiveForMcp` filter only strips keys matching `hotkey|coldkey|wallet|private_key|privateKey|mnemonic`, so the hotkey is dropped but `alphaPerDay`/`taoPerDay`/`usdPerDay` pass through.\n \nThe codebase treats these as secret everywhere else — `decision-pack.ts` destructures the hotkey out before serving, and three sanitizers scrub hotkey/wallet from AI/comment output — which is why this is an oversight, not by-design.\n \nExposure: REST → hotkey + 3 financial fields; MCP → 3 financial fields (hotkey redacted).\n \n### PoC\n \n1. Get any valid session/API/MCP token.\n2. Pick a target `login` that is a confirmed miner.\n3. `GET /v1/contributors/{target}/profile` → 200 with `gittensor.hotkey`, `alphaPerDay`, `taoPerDay`, `usdPerDay`.\n4. `GET /v1/contributors/{target}/decision-pack` (same token) → 403, proving the missing gate.\n5. MCP `gittensory_get_contributor_profile` with `{target}` → result includes the three `*PerDay` fields.\n### Impact\n \nAny token holder can enumerate other miners' daily TAO/alpha/USD revenue (plus hotkey via REST) without authorization. All miners with snapshot data are affected.",
9+
"severity": [
10+
{
11+
"type": "CVSS_V3",
12+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
13+
}
14+
],
15+
"affected": [
16+
{
17+
"package": {
18+
"ecosystem": "npm",
19+
"name": "@jsonbored/gittensory-mcp"
20+
},
21+
"ranges": [
22+
{
23+
"type": "ECOSYSTEM",
24+
"events": [
25+
{
26+
"introduced": "0"
27+
},
28+
{
29+
"last_affected": "0.1.0"
30+
}
31+
]
32+
}
33+
]
34+
}
35+
],
36+
"references": [
37+
{
38+
"type": "WEB",
39+
"url": "https://github.com/JSONbored/gittensory/security/advisories/GHSA-382c-vx95-w3p5"
40+
},
41+
{
42+
"type": "WEB",
43+
"url": "https://github.com/JSONbored/gittensory/commit/811ef5fb9d748170011f8854d88c64627ad666a0"
44+
},
45+
{
46+
"type": "PACKAGE",
47+
"url": "https://github.com/JSONbored/gittensory"
48+
}
49+
],
50+
"database_specific": {
51+
"cwe_ids": [
52+
"CWE-284"
53+
],
54+
"severity": "MODERATE",
55+
"github_reviewed": true,
56+
"github_reviewed_at": "2026-07-09T13:44:51Z",
57+
"nvd_published_at": null
58+
}
59+
}

0 commit comments

Comments
 (0)