CLEANSTART-2026-WA84208

Import Source

https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-WA84208.json

JSON Data

https://api.test.osv.dev/v1/vulns/CLEANSTART-2026-WA84208

Upstream

CVE-2025-61726

CVE-2025-61727

CVE-2025-61728

CVE-2025-61729

CVE-2025-61730

CVE-2025-68119

CVE-2026-32280

CVE-2026-32281

CVE-2026-32282

CVE-2026-32283

CVE-2026-32285

CVE-2026-32287

CVE-2026-32289

CVE-2026-33810

CVE-2026-34986

ghsa-65xw-vw82-r86x

ghsa-6g7g-w4f8-9c9x

ghsa-78h2-9frx-2jm8

ghsa-cfpf-hrx2-8rv6

ghsa-f6x5-jh6r-wrfv

ghsa-j5w8-q4qc-rx2x

ghsa-p77j-4mvh-x3m3

Published

2026-04-15T00:49:09.040332Z

Modified

2026-05-20T18:00:06.753839404Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery

Details

Multiple security vulnerabilities affect the tempo package. Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery. See references for individual vulnerability details.

References

Affected packages

CleanStart / tempo

Package

Name: tempo

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.1-r0

Database specific

source

"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-WA84208.json"