GHSA-9j7f-3r4p-pwh6: nono-py vulnerable to authorization bypass / policy confusion
A vulnerability in nono-py versions prior to 0.11.0 allows an authorization bypass due to a policy confusion issue. The Python API's restrictive configuration for reverse-proxy credential routes is unsafe by default, permitting broader network access than intended. Specifically, an empty allowed_hosts setting results in an implicit allow-all policy inside nono-proxy, enabling a sandboxed child process to use the local proxy as a transparent CONNECT tunnel to unintended hosts. This bypasses the intended route-only proxy access policy, potentially exposing internal or internet services to unauthorized access or data exfiltration. The severity is medium by default but can be high in environments relying on strict egress controls. No known exploits are reported, and no patch information is provided.
AI Analysis
Technical Summary
The nono-py Python API contains a vulnerability classified as CWE-1188, where a restrictive-looking configuration for reverse-proxy credential routes is unsafe by default. When the allowed_hosts configuration is empty, nono-proxy implicitly allows all hosts, enabling a sandboxed child process configured with CapabilitySet.proxy_only to bypass intended network restrictions. This results in an authorization bypass and policy confusion, where the actual network access includes arbitrary transparent CONNECT tunnels beyond the nominated routes. The vulnerability affects versions prior to 0.11.0. The impact depends on the environment but can lead to unauthorized outbound network access and potential exfiltration or access to unintended services. The CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N, indicating local attack vector, low complexity, low privileges required, no user interaction, scope changed, and low confidentiality and integrity impacts without availability impact. No patch or official fix is currently documented.
Potential Impact
This vulnerability allows a sandboxed child process to bypass intended network access restrictions by exploiting an implicit allow-all policy when allowed_hosts is empty. The child process can use the local proxy as a transparent CONNECT tunnel to reach hosts outside the designated reverse-proxy credential routes. This expands the outbound network reach beyond the intended policy, potentially enabling data exfiltration or unauthorized access to internal or internet services. The impact severity is medium by default but can be high in environments that rely on strict egress controls for untrusted code or sensitive credentials.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should avoid configurations with empty allowed_hosts in nono-py and explicitly specify allowed hosts to prevent implicit allow-all behavior. Review and restrict proxy configurations to ensure they do not unintentionally permit broader network access than intended.
GHSA-9j7f-3r4p-pwh6: nono-py vulnerable to authorization bypass / policy confusion
Description
A vulnerability in nono-py versions prior to 0.11.0 allows an authorization bypass due to a policy confusion issue. The Python API's restrictive configuration for reverse-proxy credential routes is unsafe by default, permitting broader network access than intended. Specifically, an empty allowed_hosts setting results in an implicit allow-all policy inside nono-proxy, enabling a sandboxed child process to use the local proxy as a transparent CONNECT tunnel to unintended hosts. This bypasses the intended route-only proxy access policy, potentially exposing internal or internet services to unauthorized access or data exfiltration. The severity is medium by default but can be high in environments relying on strict egress controls. No known exploits are reported, and no patch information is provided.
CVSS v3.1
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The nono-py Python API contains a vulnerability classified as CWE-1188, where a restrictive-looking configuration for reverse-proxy credential routes is unsafe by default. When the allowed_hosts configuration is empty, nono-proxy implicitly allows all hosts, enabling a sandboxed child process configured with CapabilitySet.proxy_only to bypass intended network restrictions. This results in an authorization bypass and policy confusion, where the actual network access includes arbitrary transparent CONNECT tunnels beyond the nominated routes. The vulnerability affects versions prior to 0.11.0. The impact depends on the environment but can lead to unauthorized outbound network access and potential exfiltration or access to unintended services. The CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N, indicating local attack vector, low complexity, low privileges required, no user interaction, scope changed, and low confidentiality and integrity impacts without availability impact. No patch or official fix is currently documented.
Potential Impact
This vulnerability allows a sandboxed child process to bypass intended network access restrictions by exploiting an implicit allow-all policy when allowed_hosts is empty. The child process can use the local proxy as a transparent CONNECT tunnel to reach hosts outside the designated reverse-proxy credential routes. This expands the outbound network reach beyond the intended policy, potentially enabling data exfiltration or unauthorized access to internal or internet services. The impact severity is medium by default but can be high in environments that rely on strict egress controls for untrusted code or sensitive credentials.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should avoid configurations with empty allowed_hosts in nono-py and explicitly specify allowed hosts to prevent implicit allow-all behavior. Review and restrict proxy configurations to ensure they do not unintentionally permit broader network access than intended.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-9j7f-3r4p-pwh6
- Osv Schema Version
- 1.4.0
- Aliases
- []
- Ecosystems
- ["PyPI"]
- Database Specific Severity
- MODERATE
- Cvss Version
- 3.1
Threat ID: 6a3ef76a27e9c79719fee824
Added to database: 06/26/2026, 22:04:26 UTC
Last enriched: 06/26/2026, 22:08:39 UTC
Last updated: 06/26/2026, 22:08:39 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.