{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T20:10:45.561","vulnerabilities":[{"cve":{"id":"CVE-2026-31839","sourceIdentifier":"security-advisories@github.com","published":"2026-03-11T17:16:58.270","lastModified":"2026-03-20T16:56:55.217","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks. This vulnerability is fixed in 3.0.0."},{"lang":"es","value":"Striae es un compañero de comparación para examinadores de armas de fuego. Existía una vulnerabilidad de omisión de integridad de alta gravedad en el flujo de trabajo de confirmación digital de Striae antes de la v3.0.0. La validación solo por hash confiaba en los campos de hash del manifiesto que podían ser modificados junto con el contenido del paquete, permitiendo que los paquetes de confirmación manipulados pasaran las comprobaciones de integridad. Esta vulnerabilidad está corregida en la 3.0.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-354"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:striae:striae:*:*:*:*:*:node.js:*:*","versionStartIncluding":"0.9.22","versionEndIncluding":"3.0.0","matchCriteriaId":"3DECC8C8-51C3-472E-B292-6800B86701C3"}]}]}],"references":[{"url":"https://github.com/striae-org/striae/releases/tag/v3.0.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/striae-org/striae/security/advisories/GHSA-mmf8-487q-p45m","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}