Skip to content

Commit 22066c0

Browse files
1 parent da9b11d commit 22066c0

2 files changed

Lines changed: 32 additions & 5 deletions

File tree

advisories/github-reviewed/2026/04/GHSA-8x35-hph8-37hq/GHSA-8x35-hph8-37hq.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,12 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-8x35-hph8-37hq",
4-
"modified": "2026-04-24T20:45:13Z",
4+
"modified": "2026-05-08T02:02:22Z",
55
"published": "2026-04-24T20:45:13Z",
66
"aliases": [
77
"CVE-2026-41501"
88
],
9-
"summary": "electurm has Command Injection via runLinux funtion",
9+
"summary": "electerm has Command Injection via runLinux funtion",
1010
"details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\n**Command Injection vulnerabilities in electerm:**\n\nA command injection vulnerability exists in `github.com/elcterm/electerm/npm/install.js:130`. The `runLinux()` function appends attacker-controlled remote version strings directly into an `exec(\"rm -rf ...\")` command without validation.\n\n**Who is impacted:** Users who run `npm install -g electerm` in Linux. An attacker who can control the remote release metadata (version string or release name) served by the project's update server could execute arbitrary system commands, tamper local files, and escalate compromise of development/runtime assets.\n\n---\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\nFixed in [59708b38c8a52f5db59d7d4eff98e31d573128ee](https://github.com/electerm/electerm/commit/59708b38c8a52f5db59d7d4eff98e31d573128ee), user no need to upgrade, the new version already published in npm\n\n---\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nno",
1111
"severity": [
1212
{

advisories/github-reviewed/2026/05/GHSA-ff6c-w6qf-7xqc/GHSA-ff6c-w6qf-7xqc.json

Lines changed: 30 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,13 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-ff6c-w6qf-7xqc",
4-
"modified": "2026-05-07T02:06:49Z",
4+
"modified": "2026-05-08T02:01:36Z",
55
"published": "2026-05-07T02:06:49Z",
66
"aliases": [
77
"CVE-2026-44312"
88
],
99
"summary": "CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content",
10-
"details": "### Summary\n\nThe CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with `OpenSSL::SSL::VERIFY_NONE`, meaning any HTTPS certificate—even entirely untrusted—will be accepted without validation.\n\n### Details\n\nIn `lib/css_parser/parser.rb`, the HTTP client sets:\nhttps://github.com/premailer/css_parser/blob/3f91e8db7547fac50ab50cb7f9920f785f722740/lib/css_parser/parser.rb#L646\n\n```ruby\nhttp.verify_mode = OpenSSL::SSL::VERIFY_NONE\n```\n\nAs a result, the library does not validate the authenticity of HTTPS connections and does not protect against man-in-the-middle attacks. Any attacker in a position to intercept network traffic can inject or modify CSS loaded via HTTPS URLs without detection or warning.\n\n### PoC\n\n1. Set up a test Ruby project that uses the CSS Parser gem and loads an external stylesheet over HTTPS.\n2. Use a local proxy (such as mitmproxy or Burp Suite) to intercept outgoing HTTPS requests.\n3. Present a fake self-signed certificate to the client.\n4. Inject custom CSS into the intercepted HTTPS response.\n \nThe request will succeed and the injected CSS will be delivered to the application, as the connection is not validated.\n\n### Resources\n \nhttps://github.com/premailer/css_parser/issues/185\n\n### Impact\n\nApplications using CSS Parser to load remote stylesheets over HTTPS are vulnerable to CSS injection and content manipulation, regardless of the trust status of the remote server. All users who use CSS Parser to fetch external CSS over HTTPS may be impacted.\n\n### Credit\n\nThis vulnerability was uncovered by @JLLeitschuh of the @braze-inc security team.",
10+
"details": "### Summary\n\nThe CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with `OpenSSL::SSL::VERIFY_NONE`, meaning any HTTPS certificate—even entirely untrusted—will be accepted without validation.\n\n### Details\n\nIn `lib/css_parser/parser.rb`, the HTTP client sets:\nhttps://github.com/premailer/css_parser/blob/3f91e8db7547fac50ab50cb7f9920f785f722740/lib/css_parser/parser.rb#L646\n\n```ruby\nhttp.verify_mode = OpenSSL::SSL::VERIFY_NONE\n```\n\nAs a result, the library does not validate the authenticity of HTTPS connections and does not protect against man-in-the-middle attacks. Any attacker in a position to intercept network traffic can inject or modify CSS loaded via HTTPS URLs without detection or warning.\n\n### PoC\n\n1. Set up a test Ruby project that uses the CSS Parser gem and loads an external stylesheet over HTTPS.\n2. Use a local proxy (such as mitmproxy or Burp Suite) to intercept outgoing HTTPS requests.\n3. Present a fake self-signed certificate to the client.\n4. Inject custom CSS into the intercepted HTTPS response.\n \nThe request will succeed and the injected CSS will be delivered to the application, as the connection is not validated.\n\n### References\n \nhttps://github.com/premailer/css_parser/issues/185\n\n### Impact\n\nApplications using CSS Parser to load remote stylesheets over HTTPS are vulnerable to CSS injection and content manipulation, regardless of the trust status of the remote server. All users who use CSS Parser to fetch external CSS over HTTPS may be impacted.\n\n### Credit\n\nThis vulnerability was uncovered by @JLLeitschuh of the @braze-inc security team.",
1111
"severity": [
1212
{
1313
"type": "CVSS_V3",
@@ -25,14 +25,33 @@
2525
"type": "ECOSYSTEM",
2626
"events": [
2727
{
28-
"introduced": "0"
28+
"introduced": "2.0.0"
2929
},
3030
{
3131
"fixed": "2.1.0"
3232
}
3333
]
3434
}
3535
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "RubyGems",
40+
"name": "css_parser"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "0"
48+
},
49+
{
50+
"fixed": "1.22.0"
51+
}
52+
]
53+
}
54+
]
3655
}
3756
],
3857
"references": [
@@ -44,6 +63,14 @@
4463
"type": "WEB",
4564
"url": "https://github.com/premailer/css_parser/issues/185"
4665
},
66+
{
67+
"type": "WEB",
68+
"url": "https://github.com/premailer/css_parser/commit/35e689c904225add78e0c488cf04bad052666449"
69+
},
70+
{
71+
"type": "WEB",
72+
"url": "https://github.com/premailer/css_parser/commit/e0c95d5abe91b237becb90ff316531a6547ada18"
73+
},
4774
{
4875
"type": "PACKAGE",
4976
"url": "https://github.com/premailer/css_parser"

0 commit comments

Comments
 (0)