Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-rwww-x45w-p52w
  • Go/github.com/free5gc/nef
free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions
  • Published 17 hours ago
  • No fix available
  • Severity - 10.0 (Critical)
GHSA-3258-qmv8-frp3
  • Go/github.com/free5gc/smf
free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers
  • Published 17 hours ago
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-p9mg-74mg-cwwr
  • Go/github.com/free5gc/smf
free5GC's SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutating
  • Published 17 hours ago
  • Fix available
  • Severity - 8.2 (High)
GHSA-cmpj-2x3g-m7g3
  • Go/github.com/free5gc/nef
free5GC's NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler
  • Published 18 hours ago
  • No fix available
  • Severity - 10.0 (Critical)
GHSA-3p28-73q7-45xp
  • Go/github.com/free5gc/nef
free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions
  • Published 18 hours ago
  • No fix available
  • Severity - 9.4 (Critical)
GHSA-f8qv-7x5w-qr48
  • Go/github.com/free5gc/nrf
free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types
  • Published 18 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-jqfc-gwj5-3w63
  • Go/github.com/free5gc/udr
free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request)
  • Published 18 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-4rqf-grm6-vf75
  • Go/github.com/free5gc/udr
free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)
  • Published 18 hours ago
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-j59f-x285-69jx
  • Go/github.com/free5gc/nef
free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference
  • Published 18 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-44qj-cghf-9p97
  • Go/github.com/free5gc/smf
free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)
  • Published 18 hours ago
  • No fix available
  • Severity - 7.5 (High)
GHSA-wqfh-gq79-j8mf
  • Go/github.com/free5gc/nef
free5GC's NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path
  • Published 18 hours ago
  • No fix available
  • Severity - 7.3 (High)
GHSA-rxrq-fv76-26pr
  • Go/github.com/free5gc/nef
free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
  • Published 18 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-27ph-8q4f-h7m7
  • Go/github.com/free5gc/bsf
free5GC's BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on Subscriptions
  • Published 18 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-wwqh-7jm5-gj7w
  • Go/github.com/free5gc/pcf
free5GC's PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference
  • Published 18 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-wr8j-6chw-gm6p
  • Go/github.com/free5gc/pcf
free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference
  • Published 18 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-5f62-53r8-qrqf
  • Go/github.com/free5gc/nef
free5GC's NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions
  • Published 18 hours ago
  • No fix available
  • Severity - 9.4 (Critical)