Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# BDSA-2026-15483 — bleach (High)
**Status:** FIXED
**Package:** bleach
**Vulnerable range:** <6.4.0
**Fixed version:** >=6.4.0
**Surface:** container + source

## Fix applied
- `pyproject.toml` line 17: `bleach>=6.2,<7.0` → `bleach>=6.4.0,<7.0`
- `uv.lock`: bleach resolved 6.4.0
- `examples/rag_react_agent/uv.lock`: bleach resolved 6.4.0 (propagated from root nvidia-rag path source)

## Advisory: bleach EOL
bleach 6.4.0 is the **final upstream release**. The project is unmaintained. Any future vulnerability will have no upstream fix. Recommend migrating to `nh3`. See `_summary.md` incidental findings.

## Validation
Track B (lockfile evidence). See `_summary.md`.
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# BDSA-2026-15484 — bleach (High)
**Status:** FIXED
**Package:** bleach
**Vulnerable range:** <6.4.0
**Fixed version:** >=6.4.0
**Surface:** container + source

## Fix applied
Same as BDSA-2026-15483. See BDSA-2026-15483.md.

## Advisory: bleach EOL
See BDSA-2026-15483.md.

## Validation
Track B (lockfile evidence). See `_summary.md`.
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# BDSA-2026-15486 — bleach (High)
**Status:** FIXED
**Package:** bleach
**Vulnerable range:** <6.4.0
**Fixed version:** >=6.4.0
**Surface:** container + source

## Fix applied
Same as BDSA-2026-15483. See BDSA-2026-15483.md.

## Advisory: bleach EOL
See BDSA-2026-15483.md.

## Validation
Track B (lockfile evidence). See `_summary.md`.
21 changes: 21 additions & 0 deletions cve-fix-reports/NSPECT-S62Q-PZUD-20260707-022824/CVE-2026-50269.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
# CVE-2026-50269 — aiohttp (Critical)
**Status:** FIXED
**CVSS:** 9.3 CRITICAL (NVD) — rated High by nSpect; treated as Critical per severity cross-check rule
**Package:** aiohttp
**Vulnerable range:** <3.14.1
**Fixed version:** >=3.14.1
**Surface:** container + source

## Fix applied
- `pyproject.toml`: `[tool.uv] override-dependencies` — `aiohttp>=3.14.1`
- `uv.lock`: resolved 3.14.1
- `scripts/requirements.txt`: `aiohttp>=3.14.1`
- `tests/integration/requirements.txt`: `aiohttp>=3.14.1`
- `examples/nvidia_rag_mcp/requirements.txt`: `aiohttp>=3.14.1`
- `examples/rag_react_agent/pyproject.toml`: override added, lock resolved 3.14.1
- `scripts/rag-perf/pyproject.toml`: override added, lock resolved 3.14.1
- `scripts/eval/pyproject.toml`: override added, lock resolved 3.14.1
- `requirements.txt`: `aiohttp>=3.14.1`

## Validation
Track B (lockfile evidence). See `_summary.md`.
12 changes: 12 additions & 0 deletions cve-fix-reports/NSPECT-S62Q-PZUD-20260707-022824/CVE-2026-54274.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# CVE-2026-54274 — aiohttp (High)
**Status:** FIXED
**Package:** aiohttp
**Vulnerable range:** <3.14.1
**Fixed version:** >=3.14.1
**Surface:** container + source

## Fix applied
Same set of changes as CVE-2026-50269 — aiohttp bumped to >=3.14.1 across all manifest and lockfile locations. See CVE-2026-50269.md for full file list.

## Validation
Track B (lockfile evidence). See `_summary.md`.
12 changes: 12 additions & 0 deletions cve-fix-reports/NSPECT-S62Q-PZUD-20260707-022824/CVE-2026-54277.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# CVE-2026-54277 — aiohttp (High)
**Status:** FIXED
**Package:** aiohttp
**Vulnerable range:** <3.14.1
**Fixed version:** >=3.14.1
**Surface:** container + source

## Fix applied
Same set of changes as CVE-2026-50269 — aiohttp bumped to >=3.14.1 across all manifest and lockfile locations. See CVE-2026-50269.md for full file list.

## Validation
Track B (lockfile evidence). See `_summary.md`.
12 changes: 12 additions & 0 deletions cve-fix-reports/NSPECT-S62Q-PZUD-20260707-022824/CVE-2026-54279.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# CVE-2026-54279 — aiohttp (High)
**Status:** FIXED
**Package:** aiohttp
**Vulnerable range:** <3.14.1
**Fixed version:** >=3.14.1
**Surface:** container + source

## Fix applied
Same set of changes as CVE-2026-50269. See CVE-2026-50269.md for full file list.

## Validation
Track B (lockfile evidence). See `_summary.md`.
12 changes: 12 additions & 0 deletions cve-fix-reports/NSPECT-S62Q-PZUD-20260707-022824/CVE-2026-54280.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# CVE-2026-54280 — aiohttp (High)
**Status:** FIXED
**Package:** aiohttp
**Vulnerable range:** <3.14.1
**Fixed version:** >=3.14.1
**Surface:** container + source

## Fix applied
Same set of changes as CVE-2026-50269. See CVE-2026-50269.md for full file list.

## Validation
Track B (lockfile evidence). See `_summary.md`.
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# GHSA-49rj-9fvp-4h2h — react-router-dom (High)
**Status:** FIXED
**Package:** react-router-dom
**Vulnerable range:** <7.15.0
**Fixed version:** >=7.15.0 (resolved to 7.18.1)
**Surface:** container + source

## Fix applied
Same as GHSA-rxv8-25v2-qmq8. See GHSA-rxv8-25v2-qmq8.md.

## Validation
Track B (lockfile evidence). See `_summary.md`.
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# GHSA-8646-j5j9-6r62 — react-router-dom (High)
**Status:** FIXED
**Package:** react-router-dom
**Vulnerable range:** <7.15.0
**Fixed version:** >=7.15.0 (resolved to 7.18.1)
**Surface:** container + source

## Fix applied
Same as GHSA-rxv8-25v2-qmq8. See GHSA-rxv8-25v2-qmq8.md.

## Validation
Track B (lockfile evidence). See `_summary.md`.
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# GHSA-8x6r-g9mw-2r78 — react-router-dom (High)
**Status:** FIXED
**Package:** react-router-dom
**Vulnerable range:** <7.15.0
**Fixed version:** >=7.15.0 (resolved to 7.18.1)
**Surface:** container + source

## Fix applied
Same as GHSA-rxv8-25v2-qmq8. See GHSA-rxv8-25v2-qmq8.md.

## Validation
Track B (lockfile evidence). See `_summary.md`.
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
# GHSA-rxv8-25v2-qmq8 — react-router-dom (High)
**Status:** FIXED
**Package:** react-router-dom
**Vulnerable range:** <7.15.0
**Fixed version:** >=7.15.0 (resolved to 7.18.1)
**Surface:** container + source

## Fix applied
- `frontend/package.json`: `"react-router-dom": "^7.12.0"` → `"^7.15.0"`
- `frontend/pnpm-lock.yaml`: resolved react-router-dom@7.18.1, react-router@7.18.1

## Validation
Track B (lockfile evidence). See `_summary.md`.
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# CVE Index — ingestor-server image
**Image:** nvidia-rag/ingestor-server (built from repo root, `src/nvidia_rag/ingestor_server/`)

| CVE / Advisory | Package | Status |
|---|---|---|
| CVE-2026-50269, 54274, 54277, 54279, 54280 | aiohttp | FIXED — pyproject.toml override >=3.14.1 |
| BDSA-2026-15483, 15484, 15486 | bleach | FIXED — pyproject.toml direct dep >=6.4.0 |
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
# CVE Index — rag-frontend image
**Image:** nvidia-rag/rag-frontend (built from `frontend/`)

| CVE / Advisory | Package | Status |
|---|---|---|
| GHSA-rxv8-25v2-qmq8, GHSA-49rj-9fvp-4h2h, GHSA-8646-j5j9-6r62, GHSA-8x6r-g9mw-2r78 | react-router-dom | FIXED — package.json ^7.15.0, pnpm-lock.yaml 7.18.1 |
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# CVE Index — rag-server image
**Image:** nvidia-rag/rag-server (built from repo root, `src/nvidia_rag/rag_server/`)

| CVE / Advisory | Package | Status |
|---|---|---|
| CVE-2026-50269, 54274, 54277, 54279, 54280 | aiohttp | FIXED — pyproject.toml override >=3.14.1 |
| BDSA-2026-15483, 15484, 15486 | bleach | FIXED — pyproject.toml direct dep >=6.4.0 |
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
# CVE Index — examples/
**Sub-workspaces:** `examples/rag_react_agent/`, `examples/nvidia_rag_mcp/`

| Sub-project | CVE / Advisory | Package | Files modified |
|---|---|---|---|
| nvidia_rag_mcp | CVE-2026-50269, 54274, 54277, 54279, 54280 | aiohttp | examples/nvidia_rag_mcp/requirements.txt |
| rag_react_agent | CVE-2026-50269, 54274, 54277, 54279, 54280 | aiohttp | examples/rag_react_agent/pyproject.toml (override), uv.lock |
| rag_react_agent | BDSA-2026-15483, 15484, 15486 | bleach | examples/rag_react_agent/uv.lock (propagated from root nvidia-rag path source) |
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
# CVE Index — root repo
**Manifests:** `pyproject.toml`, `uv.lock`, `requirements.txt`, `scripts/requirements.txt`, `tests/integration/requirements.txt`, `frontend/package.json`, `frontend/pnpm-lock.yaml`

| CVE / Advisory | Package | Files modified |
|---|---|---|
| CVE-2026-50269, 54274, 54277, 54279, 54280 | aiohttp | pyproject.toml (override), uv.lock, scripts/requirements.txt, tests/integration/requirements.txt, requirements.txt |
| BDSA-2026-15483, 15484, 15486 | bleach | pyproject.toml (direct dep floor), uv.lock |
| GHSA-rxv8-25v2-qmq8, 49rj-9fvp-4h2h, 8646-j5j9-6r62, 8x6r-g9mw-2r78 | react-router-dom | frontend/package.json, frontend/pnpm-lock.yaml |
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# CVE Index — scripts/
**Sub-workspaces:** `scripts/rag-perf/`, `scripts/eval/`

| Sub-project | CVE / Advisory | Package | Files modified |
|---|---|---|---|
| rag-perf | CVE-2026-50269, 54274, 54277, 54279, 54280 | aiohttp | scripts/rag-perf/pyproject.toml (override), uv.lock |
| eval | CVE-2026-50269, 54274, 54277, 54279, 54280 | aiohttp | scripts/eval/pyproject.toml (override), uv.lock |
116 changes: 116 additions & 0 deletions cve-fix-reports/NSPECT-S62Q-PZUD-20260707-022824/_summary.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
# CVE Fix Report — NSPECT-S62Q-PZUD (Collection)
**Generated:** 2026-07-07T02:28:24Z
**Track:** B — RECOMMENDATION (UNVERIFIED)
**Program version:** 26.05.2 (repo anchor: 2.6.0.rc1)
**Skill run:** `/agentic-cve-fix NSPECT-S62Q-PZUD --platform github --validate pipeline --ci-project chat-labs/OpenSource/rag --ci-wait-gpu --ci-poll-timeout 55 --no-nvbugs-update`
**Fix-loop cycles used:** 3 of 3 (maximum)

---

## Program structure

NSPECT-S62Q-PZUD is a **collection-type program** with no direct scan artifacts. CVE findings are sourced from child programs:

| Child program | Type | Findings |
|---|---|---|
| NSPECT-UV6I-R3V9 | Container | aiohttp, bleach, react-router-dom (source surface) |
| NSPECT-O8B9-SHZ8 | Helm Chart | Same packages (deployment-surface) |

---

## CVE disposition summary

| CVE / Advisory | Package | Severity | Pre-fix version | Fixed version | Status |
|---|---|---|---|---|---|
| CVE-2026-50269 | aiohttp | Critical (9.3) | 3.13.x | >=3.14.1 | FIXED |
| CVE-2026-54274 | aiohttp | High | 3.13.x | >=3.14.1 | FIXED |
| CVE-2026-54277 | aiohttp | High | 3.13.x | >=3.14.1 | FIXED |
| CVE-2026-54279 | aiohttp | High | 3.13.x | >=3.14.1 | FIXED |
| CVE-2026-54280 | aiohttp | High | 3.13.x | >=3.14.1 | FIXED |
| BDSA-2026-15483 | bleach | High | 6.3.0 | >=6.4.0 | FIXED |
| BDSA-2026-15484 | bleach | High | 6.3.0 | >=6.4.0 | FIXED |
| BDSA-2026-15486 | bleach | High | 6.3.0 | >=6.4.0 | FIXED |
| GHSA-rxv8-25v2-qmq8 | react-router-dom | High | 7.12.0 | >=7.15.0 | FIXED |
| GHSA-49rj-9fvp-4h2h | react-router-dom | High | 7.12.0 | >=7.15.0 | FIXED |
| GHSA-8646-j5j9-6r62 | react-router-dom | High | 7.12.0 | >=7.15.0 | FIXED |
| GHSA-8x6r-g9mw-2r78 | react-router-dom | High | 7.12.0 | >=7.15.0 | FIXED |

Already-patched (no action needed):
- CVE-2025-34065 / langchain-core — repo has 1.4.x, fix was 1.2.5. ALREADY PATCHED.
- CVE-2025-34066 / langgraph — repo has 1.2.x, fix was 0.3.15. ALREADY PATCHED.

---

## Files modified

| File | Change | CVE group |
|---|---|---|
| `pyproject.toml` | bleach floor `>=6.2` → `>=6.4.0`; aiohttp override `>=3.14.1` added | bleach, aiohttp |
| `uv.lock` | aiohttp 3.13.5→3.14.1, bleach 6.3.0→6.4.0 | bleach, aiohttp |
| `frontend/package.json` | react-router-dom `^7.12.0` → `^7.15.0` | react-router-dom |
| `frontend/pnpm-lock.yaml` | react-router-dom 7.12.0→7.18.1, react-router 7.12.0→7.18.1 | react-router-dom |
| `scripts/requirements.txt` | `aiohttp==3.12.14` → `aiohttp>=3.14.1` | aiohttp |
| `tests/integration/requirements.txt` | `aiohttp>=3.8.0` → `aiohttp>=3.14.1` | aiohttp |
| `examples/nvidia_rag_mcp/requirements.txt` | `aiohttp>=3.13.3` → `aiohttp>=3.14.1` | aiohttp |
| `examples/rag_react_agent/pyproject.toml` | `[tool.uv] override-dependencies = ["aiohttp>=3.14.1"]` added | aiohttp |
| `examples/rag_react_agent/uv.lock` | aiohttp 3.13.3→3.14.1; bleach 6.3.0→6.4.0; additional transitive churn (see note) | aiohttp, bleach |
| `requirements.txt` | `aiohttp` → `aiohttp>=3.14.1` | aiohttp |
| `scripts/rag-perf/pyproject.toml` | `[tool.uv] override-dependencies = ["aiohttp>=3.14.1"]` added | aiohttp |
| `scripts/rag-perf/uv.lock` | aiohttp 3.13.5→3.14.1 | aiohttp |
| `scripts/eval/pyproject.toml` | `[tool.uv] override-dependencies = ["aiohttp>=3.14.1"]` added | aiohttp |
| `scripts/eval/uv.lock` | aiohttp 3.13.5→3.14.1 | aiohttp |

**Note on `examples/rag_react_agent/uv.lock` churn:** When this sub-workspace (which uses `nvidia-rag` as a local path source) is re-locked, uv resolves the current state of the path source (now at 2.6.0.rc1 with updated transitive deps). This produces additional version bumps for langchain, langgraph, openai, etc. beyond aiohttp/bleach. This churn is inherent to the path-source workspace and is identical whether invoked as `uv lock`, `uv lock --upgrade-package aiohttp`, or `uv lock --upgrade-package aiohttp --no-upgrade`. It is not scope creep from this CVE fix.

---

## Validation

**Track B — RECOMMENDATION (UNVERIFIED)**

pip-audit was not used to confirm CVE absence post-fix because the uv-created venv has no pip module. The fix evidence is:

- `uv.lock` SHA256-anchored pins: aiohttp 3.14.1, bleach 6.4.0
- `pnpm-lock.yaml`: react-router-dom 7.18.1
- `examples/rag_react_agent/uv.lock` manifest override annotation: `overrides = [{ name = "aiohttp", specifier = ">=3.14.1" }]`, resolved 3.14.1

All lockfile evidence is genuine and cryptographically anchored. A live scanner run confirming CVE absence post-install has NOT been performed locally.

§5b/§5c/§5d (unit tests, lint, deployment smoke) are deferred to **Phase 9 CI pipeline validation** per `--validate pipeline` mode.

---

## Expert review cycle summary

| Cycle | Blockers found | Resolution |
|---|---|---|
| Cycle 1 | `scripts/requirements.txt` hard pin `aiohttp==3.12.14` negated fix | Fixed: changed to `aiohttp>=3.14.1` |
| Cycle 2 | `examples/rag_react_agent/uv.lock` still at aiohttp 3.13.3 | Fixed: added override to sub-workspace pyproject.toml, re-locked |
| Cycle 3 | `rag-perf/uv.lock`, `eval/uv.lock` at 3.13.5; `requirements.txt` unpinned | Fixed: override sections added to both pyproject.toml files, re-locked; requirements.txt pinned |

---

## Incidental findings (non-blocking)

### MAJOR ADVISORY: bleach EOL
- **bleach 6.4.0 is the final release.** The bleach project is now unmaintained (no future security patches planned). The current fix resolves the immediate BDSAs, but any future vulnerability in bleach will have no upstream fix.
- **Recommendation:** Migrate `bleach.clean()` usages to `nh3` (the maintained successor). Affected files:
- `src/nvidia_rag/rag_server/validation.py` (lines 34, 55)
- `src/nvidia_rag/rag_server/response_generator.py`
- `src/nvidia_rag/rag_server/server.py`
- This is a follow-on task, not a blocker for this PR.

### Container-surface CVEs (deferred — `--include-base-image` not set)
- Several container-only CVEs (Python tarfile, pyarrow base-image packages, react-router in container layer) were identified. Without `--include-base-image`, these are deferred. Run with `--include-base-image` to address Dockerfile/base-image fixes.

### `examples/rag_react_agent` release lane
- This sub-project pins `nvidia-rag[rag]~=2.4` (older release lane). The local path source override means it tracks the current repo, but the published constraint is stale. This is noted for informational purposes only.

---

## Phase 9 CI validation (pending)

Gating jobs: `unit-tests`, `frontend-unit-tests`, `lint`, `integration-tests`, `docker-tests` (GPU chain, `--ci-wait-gpu`)
Poll timeout: 55 minutes
Max fix-loop iterations: 3
Platform: GitHub (`--platform github`) — PR to be opened as draft
2 changes: 1 addition & 1 deletion examples/nvidia_rag_mcp/requirements.txt
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
mcp>=1.23.1
aiohttp>=3.13.3
aiohttp>=3.14.1
fastmcp>=3.2.0
anyio>=4.12.0
httpx>=0.28.1
Expand Down
3 changes: 3 additions & 0 deletions examples/rag_react_agent/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,9 @@ source = "https://github.com/NVIDIA/NeMo-Agent-Toolkit"
managed = true
config-settings = { editable_mode = "compat" }
prerelease = "allow" # nvidia-nat packages are currently pre-release only
override-dependencies = [
"aiohttp>=3.14.1",
]


[tool.uv.sources]
Expand Down
Loading
Loading