Описание
Withdrawn Advisory: microlight.js has a null pointer dereference vulnerability
Withdrawn Advisory
This advisory has been withdrawn because a website owner has to set CSS color values. The proof of concept doesn't demonstrate how a malicious user who is not the website owner can cause an application crash. This link has been maintained to preserve external references.
Original Description
A null pointer dereference vulnerability was discovered in microlight.js (version 0.0.7), a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before accessing its properties, leading to an uncaught TypeError and potential application crash.
Пакеты
microlight
<= 0.0.7
Отсутствует
Связанные уязвимости
A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before accessing its properties, leading to an uncaught TypeError and potential application crash. NOTE: this is disputed by multiple parties because there is no common scenario in which an adversary can insert those non-standard values.