{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T10:01:29.466","vulnerabilities":[{"cve":{"id":"CVE-2025-52477","sourceIdentifier":"security-advisories@github.com","published":"2025-06-26T17:15:30.897","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error logs with sensitive information. Upgrade to v0.5.3 to resolve this issue. This version includes patch sets to sanitize input and redact logging."},{"lang":"es","value":"Octo-STS es una aplicación de GitHub que funciona como un Servicio de Token de Seguridad (STS) para la API de GitHub. Las versiones de Octo-STS anteriores a la v0.5.3 son vulnerables a SSRF no autenticado al abusar de los campos de los tokens de OpenID Connect. Se ha demostrado que los tokens maliciosos activan solicitudes de red internas que podrían reflejar registros de errores con información confidencial. Actualice a la v0.5.3 para resolver este problema. Esta versión incluye conjuntos de parches para sanear la entrada y redactar los registros."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/octo-sts/app/commit/0f177fde54f9318e33f0bba6abaea9463a7c3afd","source":"security-advisories@github.com"},{"url":"https://github.com/octo-sts/app/commit/b3976e39bd8c8c217c0670747d34a4499043da92","source":"security-advisories@github.com"},{"url":"https://github.com/octo-sts/app/security/advisories/GHSA-h3qp-hwvr-9xcq","source":"security-advisories@github.com"},{"url":"https://github.com/octo-sts/app/security/advisories/GHSA-h3qp-hwvr-9xcq","source":"security-advisories@github.com"}]}}]}