R1Zzg0D

**Name of the Vulnerable Software and Affected Versions** Gotenberg versions prior to 8.31.0 **Description** An unauthenticated attacker can bypass the default deny-lists used by the `downloadFrom` and `webhook` features. The issue occurs because the filtering logic uses case-sensitive regular expressions that only block lowercase `http://` and `https://` prefixes. Consequently, an attacker can use alternative textual representations of loopback or private addresses, such as IPv4-mapped IPv6 addresses (e.g., `http://[::ffff:127.0.0.1]:...`), to force the server to make outbound requests to internal-only targets. This allows for Server-Side Request Forgery (SSRF), potentially exposing internal HTTP services, cloud metadata endpoints, and local admin APIs. **Recommendations** Update to version 8.31.0. As a temporary workaround, restrict access to the `downloadFrom` and `webhook` features to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nginx UI versions 2.0.0 through 2.3.7 **Description** An unauthenticated network attacker can claim the initial administrator account on a fresh instance during the first-run setup window. The public endpoint "/api/install" is accessible without authentication. While the request-encryption flow ensures payload confidentiality during transit, it fails to authenticate the user performing the installation. A remote attacker who accesses the service before the legitimate operator can define the admin email, username, and password, leading to a permanent takeover of the initial instance. **Recommendations** Update to version 2.3.8.

**Name of the Vulnerable Software and Affected Versions** goshs versions 2.0.0-beta.4 through 2.0.0-beta.5 **Description** goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause an authenticated browser to trigger destructive actions because the software relies solely on HTTP basic auth and fails to perform CSRF, `Origin`, or `Referer` validation for these routes. This allows an attacker-controlled page to trigger filesystem mutations via GET requests, specifically through the `?delete` and `?mkdir` parameters, which are handled by the `deleteFile()` and `handleMkdir()` functions respectively. **Recommendations** Update to version 2.0.0-beta.6.

**Name of the Vulnerable Software and Affected Versions** goshs version v2.0.0-beta.5 **Description** An authentication bypass exists in the SFTP service when the server is configured using the basic authentication syntax with an empty username, such as using the `-b` variable with the format ':pass'. In this configuration, the software fails to install an SFTP password handler, allowing an unauthenticated network attacker to connect to the SFTP service and access files without providing a password. This can lead to unauthorized reading, uploading, renaming, and deleting of files within the configured SFTP root. **Recommendations** For version v2.0.0-beta.5, avoid using the `-b` variable with an empty username (e.g., ':pass') when the `-sftp` option is enabled to prevent unauthenticated access.

**Name of the Vulnerable Software and Affected Versions** goshs versions 2.0.0-beta.4 through 2.0.0-beta.5 **Description** When deployed without global basic authentication, the server leaks file-based Access Control List (ACL) credentials through its public collaborator feed. Requests to folders protected by `.goshs` are logged before authorization is enforced. Consequently, the collaborator websocket broadcasts raw request headers, including the `Authorization` variable, to all connected clients. An unauthenticated observer can capture a victim's folder-specific basic-auth header and replay it to read, upload, overwrite, and delete files within the protected subtree. **Recommendations** Update to version 2.0.0-beta.6. As a temporary workaround, restrict access to the collaborator websocket and panel using authentication boundaries.

**Name of the Vulnerable Software and Affected Versions** goshs versions prior to 2.0.0-beta.4 **Description** goshs, a SimpleHTTPServer written in Go, had an authorization bypass. Prior to version 2.0.0-beta.4, the software enforced ACL/basic-auth mechanisms for directory listings and file reads, but did not apply the same checks to state-changing routes. An unauthenticated attacker could upload files using `PUT` or multipart `POST /upload`, create directories with `?mkdir`, and delete files with `?delete` within a `.goshs`-protected directory. Deleting the `.goshs` file removed the folder's auth policy, allowing access to previously protected content. This impacted confidentiality, integrity, and availability. The project's README documented file-based ACLs as a security feature. The read/list path correctly enforced `.goshs`, but state-changing routes bypassed this logic. The vulnerability allowed unauthorized modification and potential removal of protected content. **Recommendations** Update to version 2.0.0-beta.4 or later to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** PraisonAI versions prior to 4.5.139 praisonaiagents versions prior to 1.5.140 **Description** The browser bridge is susceptible to unauthenticated remote session hijacking. This occurs due to a lack of authentication and a bypassable origin check on the '/ws' WebSocket endpoint. The server binds to 0.0.0.0 by default and only validates the `Origin` header when it is provided, allowing non-browser clients that omit this header to connect without restriction. An attacker can send a `start session` message, which the server routes to the first idle browser-extension WebSocket, effectively hijacking the session. This allows the attacker to receive all resulting automation actions and outputs, leading to unauthorized remote control of connected browser automation sessions, leakage of sensitive page context, and misuse of model-backed browser actions in environments where the bridge is network-reachable. **Recommendations** Update PraisonAI to version 4.5.139 or later. Update praisonaiagents to version 1.5.140 or later.

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.113 Description PraisonAI's recipe registry publish endpoint is susceptible to a path traversal issue. Prior to version 1.5.113, the endpoint writes uploaded recipe bundles to a filesystem path derived from the bundle's `manifest.json` file before validating the manifest's `name` and `version` against the HTTP route. A malicious publisher can exploit this by including `../` traversal sequences within the bundle manifest, potentially causing the registry server to create files outside the configured registry root. Although the request is ultimately rejected with an HTTP `400` error, the unauthorized file write persists on disk. This impacts deployments exposing the recipe registry publish flow, and is exploitable by any network client if the registry runs without a token, or by any user with publish access if a token is configured. Recommendations Validate the `manifest.json` `name` and `version` before any filesystem operation. Reject path separators, `..`, absolute paths, and any value that fails the existing ` validate name()` / ` validate version()` checks. Resolve the final destination path and ensure it remains within the configured registry root before creating directories or copying files. Move the URL-to-manifest consistency check before calling the publish function, or refactor the publish function to receive already-validated route parameters.

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.113 Description PraisonAI's recipe registry pull flow extracts attacker-controlled `.praison` tar archives using `tar.extractall()` without validating archive member paths before extraction. A malicious publisher can upload a recipe bundle containing `../` traversal entries, allowing them to write files outside the intended output directory for any user who pulls that recipe. This affects both local and HTTP registry pull paths. The checksum verification does not prevent exploitation as the malicious payload is part of the signed bundle. The issue stems from the unsafe extraction of tar archive contents during recipe pull. A malicious publisher creates a `.praison` bundle with traversal entries like `../../escape-http.txt`. The `LocalRegistry.publish()` function only reads `manifest.json` and stores the bundle without sanitizing the tar members. When a victim pulls the recipe, `LocalRegistry.pull()` or `HttpRegistry.pull()` extracts the tarball using `tar.extractall()`, allowing traversal entries to escape the intended directory and create files elsewhere on disk. Recommendations Update to version 1.5.113 or later to resolve this issue.