Publish GHSA-m8j6-rc5x-wv36

advisory-database[bot] · advisory-database[bot] · commit 98f4e1a89e9f · 2026-06-26T20:44:27.000Z
diff --git a/advisories/github-reviewed/2026/06/GHSA-m8j6-rc5x-wv36/GHSA-m8j6-rc5x-wv36.json b/advisories/github-reviewed/2026/06/GHSA-m8j6-rc5x-wv36/GHSA-m8j6-rc5x-wv36.json
@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m8j6-rc5x-wv36",
+  "modified": "2026-06-26T20:41:59Z",
+  "published": "2026-06-26T20:41:59Z",
+  "aliases": [],
+  "summary": "nono-py's policy JSON accepts unknown security fields",
+  "details": "### Summary\n\nnono-py policy handling could fail open in two ways. First, resolving a policy-derived `ProxyConfig` did not automatically enforce `CapabilitySet.proxy_only`, allowing sandboxed children to bypass a resolved domain allowlist by using direct network access. Second, policy JSON accepted unknown security-sensitive fields, so misspelled or unsupported restrictions could be silently ignored.\n\n### Impact\n\nA sandboxed child may receive broader network access than the policy author intended. This can allow outbound requests outside the configured proxy allowlist and may expose sensitive data depending on the execution environment and workload.\n\n### Older-kernel note\n\nOn Linux kernels without Landlock ABI v4 network rules, patched versions continue to support proxy-only enforcement through the seccomp supervisor fallback introduced in 807fb4b. Users on older kernels should ensure policy-resolved proxy configurations are coupled to `CapabilitySet.proxy_only(proxy);` merely injecting proxy environment variables is not sufficient.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "nono-py"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.10.1"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 0.10.0"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/always-further/nono-py/security/advisories/GHSA-m8j6-rc5x-wv36"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/nolabs-ai/nono-py/commit/2897ee20df0d75afd298d94840b9d135b3b3a6e9"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/nolabs-ai/nono-py/commit/807fb4bce2385b9e88185bf160e0792b588813c7"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/always-further/nono-py"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-06-26T20:41:59Z",
+    "nvd_published_at": null
+  }
+}
