Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 826bdfb

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-9ggr-2464-2j32 GHSA-w5fx-fh39-j5rw
1 parent b7982e3 commit 826bdfb

File tree

2 files changed

+10
-4
lines changed

2 files changed

+10
-4
lines changed

advisories/github-reviewed/2025/09/GHSA-9ggr-2464-2j32/GHSA-9ggr-2464-2j32.json

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-9ggr-2464-2j32",
4-
"modified": "2025-09-22T14:42:12Z",
4+
"modified": "2025-09-22T20:08:32Z",
55
"published": "2025-09-22T14:42:12Z",
66
"aliases": [
77
"CVE-2025-59420"
@@ -40,6 +40,10 @@
4040
"type": "WEB",
4141
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32"
4242
},
43+
{
44+
"type": "ADVISORY",
45+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59420"
46+
},
4347
{
4448
"type": "WEB",
4549
"url": "https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df"
@@ -57,6 +61,6 @@
5761
"severity": "HIGH",
5862
"github_reviewed": true,
5963
"github_reviewed_at": "2025-09-22T14:42:12Z",
60-
"nvd_published_at": null
64+
"nvd_published_at": "2025-09-22T18:15:46Z"
6165
}
6266
}

advisories/github-reviewed/2025/09/GHSA-w5fx-fh39-j5rw/GHSA-w5fx-fh39-j5rw.json

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,11 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-w5fx-fh39-j5rw",
4-
"modified": "2025-09-19T18:10:01Z",
4+
"modified": "2025-09-22T20:08:54Z",
55
"published": "2025-09-19T17:14:04Z",
6-
"aliases": [],
6+
"aliases": [
7+
"CVE-2025-59532"
8+
],
79
"summary": "Codex has sandbox bypass due to bug in path configuration logic",
810
"details": "Due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated `cwd` as the sandbox’s writable root, including paths outside of the folder where the user started their session.\n\nThis logic bypassed the intended workspace boundary and enables arbitrary file writes and command execution where the Codex process has permissions - this did not impact the network-disabled sandbox restriction.\n\n**Remediation**\nWe released a patch in Codex CLI **0.39.0** that canonicalizes and validates that the boundary used for sandbox policy is based on where the user started the session, and not the one generated by the model. Users running 0.38.0 or earlier should update immediately via their package manager or by reinstalling the latest Codex CLI to ensure sandbox boundaries are enforced.\n\nIf using the Codex IDE extension, users should immediately update to **0.4.12** for a fix of the sandbox issue.\n\nThank you to Tzanko Matev (Codetracer) for reporting the issue!",
911
"severity": [

0 commit comments

Comments
 (0)