Skip to content

Commit 41f088c

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-3gv2-v3jx-r9fh GHSA-ggmv-j932-q89q
1 parent a0068b5 commit 41f088c

File tree

2 files changed

+10
-2
lines changed

2 files changed

+10
-2
lines changed

advisories/github-reviewed/2025/07/GHSA-3gv2-v3jx-r9fh/GHSA-3gv2-v3jx-r9fh.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-3gv2-v3jx-r9fh",
4-
"modified": "2025-07-10T23:22:31Z",
4+
"modified": "2025-08-14T22:21:05Z",
55
"published": "2025-07-10T17:48:54Z",
66
"aliases": [
77
"CVE-2025-53632"
88
],
99
"summary": "Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive",
1010
"details": "### Impact\nWhen decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips.\nExploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is **highly** recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system.\n\n### Patches\nPatch has been implemented by [commit `47d188f`](https://github.com/ctfer-io/chall-manager/commit/47d188fda5e3f86285e820f12ad9fb6f9930662c) and shipped in [`v0.1.4`](https://github.com/ctfer-io/chall-manager/releases/tag/v0.1.4).\n\n### Workarounds\nNo workaround exist.\n\n### References\nN/A.",
1111
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
15+
},
1216
{
1317
"type": "CVSS_V4",
1418
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"

advisories/github-reviewed/2025/07/GHSA-ggmv-j932-q89q/GHSA-ggmv-j932-q89q.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-ggmv-j932-q89q",
4-
"modified": "2025-07-10T23:22:14Z",
4+
"modified": "2025-08-14T22:21:18Z",
55
"published": "2025-07-10T17:58:48Z",
66
"aliases": [
77
"CVE-2025-53634"
88
],
99
"summary": "Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout",
1010
"details": "### Impact\nThe HTTP Gateway processes headers, but with no timeout set. With a Slowloris attack, an attacker could cause Denial of Service (DoS).\nExploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system.\n\n### Patches\nPatch has been implemented by [commit `1385bd8`](https://github.com/ctfer-io/chall-manager/commit/1385bd869142651146cd0b123085f91cec698636) and shipped in [`v0.1.4`](https://github.com/ctfer-io/chall-manager/releases/tag/v0.1.4).\n\n### Workarounds\nNo workaround exist.\n\n### References\nN/A",
1111
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
15+
},
1216
{
1317
"type": "CVSS_V4",
1418
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"

0 commit comments

Comments
 (0)