Book a Demo / Contact Get started free

← All vulnerabilities

HIGHSupply chain

GHSA-XHV3-Q4XX-349R

pip · stigmem-node

Summary

stistigmem-node: quarantine review surface exposes and mutates other tenants' quarantined facts (cross-tenant BOLA)

References

Related vulnerabilities

All Supply chain →

CRITICALGHSA-8FQ9-273G-6MRG
Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation
MEDIUMGHSA-QWXF-2M7M-2M3X
Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join
MEDIUMGHSA-HV6H-HC26-Q48P
SurrealDB: Field-level SELECT permissions bypassed via graph and reference traversals
CRITICALGHSA-H3M5-97JQ-QJRF
OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)
HIGHGHSA-6GQW-JQV7-V88M
stigmem-node: decay sweep expires and counts facts across all tenants (cross-tenant BOLA)
HIGHGHSA-X26H-XMV8-GXF7
stigmem-node: RTBF tombstones are mis-attributed and suppress reads tenant-blind (cross-tenant BOLA)