Description: Overview
On many platforms, a third party can create a Git repository under a name that includes a shell command substitution ^1 string in the syntax $(). These directory names are allowed in macOS and a majority of Linux distributions ^2. If a user starts jupyter-lab in a parent directory of this inappropriately-named Git repository, opens it, and clicks "Git > Open Git Repository in Terminal" from the menu bar, then the injected command is run in the user's shell without the user's permission.
This issue is occurring because when that menu entry is clicked, jupyterlab-git opens the terminal and runs cd through the shell to set the current directory ^3. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix ^4.
Scope of Impact
This issue allows for arbitrary code execution via command injection. A wide range of actions are permitted by this issue, including but not limited to: modifying files, exfiltrating data, halting services, or compromising the server's security rules.
We have scanned the source code of jupyterlab-git for other command injection risks, and have not found any at the time of writing.
This issue was reproduced on the latest release of jupyterlab-git, v0.51.0. The steps taken to reproduce this issue are described in the "Proof-of-concept" section below.
Proof-of-concept
Create a new directory via mkdir test/ && cd test/.
Creat...
CVSS: HIGH (7.4) EPSS Score: 0.07%
April 4th, 2025 (3 months ago)
Description: Impact
If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a DOCTYPE pointing to a local file on the XWiki server host and displaying that file's content in one of the returned JIRA fields (such as the summary or description for example).
For example (the advisory's XML response survives here only in fragments): a DOCTYPE declaring an external entity, referenced as &xxe; in the returned issue fields, such as the summary of https://jira.xwiki.org/browse/XE-307 ("{RETIRED} XWiki Enterprise").
Patches
The vulnerability has been patched in the JIRA Extension v8.6.5.
Workarounds
No easy workaround except to upgrade (which is easy using the XWiki Extension Manager).
References
https://github.com/xwiki-contrib/jira/commit/98a74c2a516b42689c73b13ecd94e9c1998fa9cb and https://github.com/xwiki-contrib/jira/commit/5049e352d16f8356734de70daf1202301f170ee6
https://jira.xwiki.org/browse/JIRA-49
For more information
If you have any questions or comments about this advisory:
Open an issue in Jira XWiki.org
Email us at Security Mailing List
References
https://github.com/xwiki-contrib/jira/security/advisories/GHSA-wc53-4255-gw3f
https://nvd.nist.gov/vuln/detail/CVE-2025-31487
https://github.com/advisories/GHSA-wc53-4255-gw3f
CVSS: HIGH (7.7) EPSS Score: 0.03%
April 4th, 2025 (3 months ago)
CVE-2025-31418
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noonnoo Gravel allows Reflected XSS. This issue affects Gravel: from n/a through 1.6.
CVSS: HIGH (7.1) EPSS Score: 0.04% SSVC Exploitation: none
April 4th, 2025 (3 months ago)
CVE-2025-31416
WordPress Awesome Event Booking plugin <= 2.8.4 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwesomeTOGI Awesome Event Booking allows Reflected XSS. This issue affects Awesome Event Booking: from n/a through 2.8.4.
CVSS: HIGH (7.1) EPSS Score: 0.04% SSVC Exploitation: none
April 4th, 2025 (3 months ago)
CVE-2025-31405
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami WooCommerce Compare allows PHP Local File Inclusion. This issue affects Fami WooCommerce Compare: from n/a through 1.0.5.
CVSS: HIGH (7.5) EPSS Score: 0.11% SSVC Exploitation: none
April 4th, 2025 (3 months ago)
CVE-2025-31389
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sequel.Io Sequel allows Reflected XSS. This issue affects Sequel: from n/a through 1.0.11.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 4th, 2025 (3 months ago)
CVE-2025-31384
Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos allows Reflected XSS. This issue affects Videos: from n/a through 1.0.5.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 4th, 2025 (3 months ago)
CVE-2025-29815
Description: Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.
CVSS: HIGH (7.6) EPSS Score: 0.06% SSVC Exploitation: none
April 4th, 2025 (3 months ago)
CVE-2025-31420
Description: Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum allows Privilege Escalation. This issue affects wpForo Forum: from n/a through 2.4.2.
CVSS: HIGH (7.6) EPSS Score: 0.04%
April 4th, 2025 (3 months ago)
CVE-2025-22282
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EPC ez Form Calculator - WordPress plugin allows Reflected XSS. This issue affects ez Form Calculator - WordPress plugin: from n/a through 2.14.1.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 4th, 2025 (3 months ago)