Merge branch 'master' into patch-1

mitre · Feb 25, 2025 · 751ac21 · 751ac21
2 parents bce832c + cc4b9cd
commit 751ac21
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -8,6 +8,8 @@
 
 `🚨Security Notice🚨 : (17 Feb 2025 10:00 EST) Please pull or repull the main branch for a recent RCE security patch. MITRE Caldera team will provide a CVE and writeup on the RCE soon, but in the mean time please update your Caldera instance, especially if you host Caldera on a publicly accessible network.`
 
+[Vulnerability walkthrough.](https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e)
+
 MITRE Caldera&trade; is a cyber security platform designed to easily automate adversary emulation, assist manual red-teams, and automate incident response.
 
 It is built on the [MITRE ATT&CK™ framework](https://attack.mitre.org/) and is an active research project at MITRE.

diff --git a/app/contacts/contact_websocket.py b/app/contacts/contact_websocket.py
@@ -34,9 +34,10 @@ def __init__(self, services):
         self.handles = []
         self.log = BaseWorld.create_logger('websocket_handler')
 
-    async def handle(self, socket, path):
+    async def handle(self, connection):
         try:
+            path = connection.request.path
             for handle in [h for h in self.handles if path.split('/', 1)[1].startswith(h.tag)]:
-                await handle.run(socket, path, self.services)
+                await handle.run(connection, path, self.services)
         except Exception as e:
             self.log.debug(e)
diff --git a/requirements.txt b/requirements.txt
@@ -5,8 +5,8 @@ aiohttp-security==0.4.0
 aiohttp-apispec==3.0.0b2
 jinja2==3.1.3
 pyyaml==6.0.1
-cryptography==42.0.2
-websockets==11.0.3
+cryptography==44.0.1
+websockets==15.0
 Sphinx==7.1.2
 sphinx_rtd_theme==1.3.0
 myst-parser==2.0.0