GHSA-4wpp-w5r4-7v5v

Source

https://github.com/advisories/GHSA-4wpp-w5r4-7v5v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4wpp-w5r4-7v5v/GHSA-4wpp-w5r4-7v5v.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4wpp-w5r4-7v5v

Aliases

Related

CVE-2022-29180

Published

2022-05-24T20:55:22Z

Modified

2024-08-21T15:41:55.167798Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Server-Side Request Forgery in charm

Details

We've discovered a vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched in https://github.com/charmbracelet/charm/commit/3c90668f955c7ce5ef721e4fc9faee7053232fd3 and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately.

This vulnerability was found in-house and we haven't been notified of any potential exploiters.

Additional notes

Encrypted user data uploaded to the Charm server is safe as Charm servers cannot decrypt user data. This includes filenames, paths, and all key-value data.
Users running the official Charm Docker images are at minimal risk because the exploit is limited to the containerized filesystem.

For more information

If you have any questions or comments about this advisory: * Open a discussion * Email us at vt100@charm.sh * Chat with us on Slack

Charm热爱开源 • Charm loves open source

Database specific

{
    "nvd_published_at": "2022-05-07T04:15:00Z",
    "github_reviewed_at": "2022-05-24T20:55:22Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-918"
    ]
}

References

Affected packages

Go / github.com/charmbracelet/charm

Package

Name: github.com/charmbracelet/charm; View open source insights on deps.dev
Purl: pkg:golang/github.com/charmbracelet/charm

Affected ranges

Type: SEMVER
Events: Introduced

0.9.0

Fixed

0.12.1