diff --git a/advisories/unreviewed/2026/06/GHSA-42jc-v69j-g38f/GHSA-42jc-v69j-g38f.json b/advisories/unreviewed/2026/06/GHSA-42jc-v69j-g38f/GHSA-42jc-v69j-g38f.json index f98d7856dacd3..8ea3e9ab3d1ec 100644 --- a/advisories/unreviewed/2026/06/GHSA-42jc-v69j-g38f/GHSA-42jc-v69j-g38f.json +++ b/advisories/unreviewed/2026/06/GHSA-42jc-v69j-g38f/GHSA-42jc-v69j-g38f.json @@ -1,32 +1,93 @@ { "schema_version": "1.4.0", "id": "GHSA-42jc-v69j-g38f", - "modified": "2026-06-22T21:31:00Z", + "modified": "2026-06-22T21:31:01Z", "published": "2026-06-22T21:31:00Z", "aliases": [ "CVE-2026-39904" ], + "summary": "CVE-2026-39904: Uncontrolled Resource Consumption in ApplyTemplate() in GoPhish v0.12.1 Allows Attackers to Crash the Server (Denial of Service) via Malicious Office Document", "details": "Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate() function in models/attachment.go processes Office documents as ZIP archives and calls ioutil.ReadAll() on each contained file entry without enforcing size restrictions on uncompressed content, allowing a zip bomb payload to expand to several gigabytes in memory and cause the process to be terminated by the operating system.", "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" - }, { "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Go", + "name": "github.com/gophish/gophish" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "last_affected": "0.12.1" + } + ] + } + ] } ], - "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39904" }, + { + "type": "WEB", + "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38351" + }, { "type": "WEB", "url": "https://github.com/ashikmd7/GoPhish-0.12.1/blob/main/Unbounded%20Memory%20Allocation%20in%20Office%20Attachment%20Processing%20Leads%20to%20Server%20DoS/README.md" }, + { + "type": "PACKAGE", + "url": "https://github.com/gophish/gophish" + }, + { + "type": "WEB", + "url": "https://github.com/gophish/gophish/blob/v0.12.1/models/attachment.go" + }, + { + "type": "WEB", + "url": "https://github.com/gophish/gophish/releases/tag/v0.12.1" + }, + { + "type": "WEB", + "url": "https://pkg.go.dev/github.com/gophish/gophish" + }, + { + "type": "WEB", + "url": "https://securityvulnerability.io/vulnerability/CVE-2026-39904" + }, + { + "type": "WEB", + "url": "https://vuldb.com/cve/CVE-2026-39904" + }, + { + "type": "WEB", + "url": "https://vulners.com/cve/CVE-2026-39904" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2026-39904" + }, + { + "type": "WEB", + "url": "https://www.cvedetails.com/cve/CVE-2026-39904" + }, + { + "type": "WEB", + "url": "https://www.tenable.com/cve/CVE-2026-39904" + }, { "type": "WEB", "url": "https://www.vulncheck.com/advisories/gophish-denial-of-service-via-office-document-upload" @@ -34,6 +95,7 @@ ], "database_specific": { "cwe_ids": [ + "CWE-400", "CWE-770" ], "severity": "HIGH",