Skip to content

Commit 379ddad

Browse files
1 parent f2e16db commit 379ddad

3 files changed

Lines changed: 81 additions & 1 deletion

File tree

advisories/unreviewed/2026/03/GHSA-j666-j6hj-fpc7/GHSA-j666-j6hj-fpc7.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-j666-j6hj-fpc7",
4-
"modified": "2026-06-01T21:30:32Z",
4+
"modified": "2026-06-03T09:30:28Z",
55
"published": "2026-03-30T09:31:28Z",
66
"aliases": [
77
"CVE-2026-5119"
@@ -59,6 +59,10 @@
5959
"type": "WEB",
6060
"url": "https://access.redhat.com/errata/RHSA-2026:22323"
6161
},
62+
{
63+
"type": "WEB",
64+
"url": "https://access.redhat.com/errata/RHSA-2026:22710"
65+
},
6266
{
6367
"type": "WEB",
6468
"url": "https://access.redhat.com/security/cve/CVE-2026-5119"
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-28vp-6rv7-m976",
4+
"modified": "2026-06-03T09:30:28Z",
5+
"published": "2026-06-03T09:30:28Z",
6+
"aliases": [
7+
"CVE-2025-15654"
8+
],
9+
"details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fox-themes Prague allows Reflected XSS.\n\nThis issue affects Prague: from n/a through 2.2.8.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15654"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://patchstack.com/database/wordpress/plugin/prague-plugins/vulnerability/wordpress-prague-plugin-2-2-8-cross-site-scripting-xss-vulnerability?_s_id=cve"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-79"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-03T09:16:12Z"
35+
}
36+
}
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-g35p-px32-whv6",
4+
"modified": "2026-06-03T09:30:29Z",
5+
"published": "2026-06-03T09:30:28Z",
6+
"aliases": [
7+
"CVE-2026-4035"
8+
],
9+
"details": "A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the `api_key` field in gateway secrets can accept `$ENV_VAR` references, which are resolved against the MLflow server's environment during runtime. The resolved secrets are then sent in provider authentication headers to the configured upstream `api_base`. This vulnerability can be exploited by low-privileged authenticated users in basic-auth deployments or by unauthenticated users in default deployments without `basic-auth`. The impact includes potential leakage of sensitive credentials such as cloud artifact credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`), which could lead to artifact poisoning and cross-boundary code execution in downstream environments. The issue is fixed in version 3.11.0.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4035"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://github.com/mlflow/mlflow/commit/4a3f2f720cb4f058c9e0c5b883e0acc9ab64a7f3"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://huntr.com/bounties/f8e591a0-0f19-4910-b82e-16c9956f2233"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-201"
34+
],
35+
"severity": "CRITICAL",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-06-03T09:16:13Z"
39+
}
40+
}

0 commit comments

Comments
 (0)