
GHSA-rvgm-35jw-q628

Published: Aug 31, 2022
Source: github
Github: Reviewed
CVSS3: 3.6

Description

Improper Control of Generation of Code ('Code Injection') in mdx-mermaid

Impact

Arbitrary JavaScript injection

Modify any mermaid code block with the following code, and the code inside will execute when the component is loaded by MDXjs:

```
` + (function () {
  // Put Javascript code here
  return ''
}()) + `
```

The block below shows a valid mermaid code block:

```mermaid
graph TD;
    A-->B;
    A-->C;
    B-->D;
    C-->D;
```

The same block, but with the exploit added:

```mermaid
` + (function () {
    alert('vulnerable')
    return ''
}()) + `
graph TD;
    A-->B;
    A-->C;
    B-->D;
    C-->D;
```

Patches

1.3.0 and 2.0.0-rc2

Workarounds

None known
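
With no workaround listed, one check to run alongside the upgrade is an audit of MDX content for mermaid blocks that contain the characters the payload above depends on. This is an added example, not code from the advisory or from the mdx-mermaid project; the function name `scanMermaidBlocks`, the rule list and the sample document are assumptions constructed for illustration.

```javascript
// Added example: audit MDX/Markdown source for mermaid fences whose body
// contains characters the advisory's payload needs to leave a JS string.
const SUSPICIOUS = [
  { name: 'backtick', re: /`/ },
  { name: 'template-interpolation', re: /\$\{/ },
];

// Returns one finding per suspicious line inside a mermaid fenced block.
function scanMermaidBlocks(source) {
  const findings = [];
  let open = null; // { marker, isMermaid, startLine } while inside a fence
  source.split(/\r?\n/).forEach((line, i) => {
    const m = /^\s{0,3}(`{3,}|~{3,})\s*(\S*)/.exec(line);
    if (!open) {
      if (m) {
        open = { marker: m[1], isMermaid: m[2].toLowerCase() === 'mermaid', startLine: i + 1 };
      }
      return;
    }
    // Closing fence: same character, at least as long, no info string.
    if (m && m[1][0] === open.marker[0] && m[1].length >= open.marker.length && m[2] === '') {
      open = null;
      return;
    }
    if (!open.isMermaid) return; // only mermaid block bodies are inspected
    for (const { name, re } of SUSPICIOUS) {
      if (re.test(line)) {
        findings.push({ line: i + 1, blockStart: open.startLine, rule: name, text: line.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample: one clean diagram, then one carrying the payload
// shape published in the advisory.
const SAMPLE = [
  '# Constructed page', '```mermaid', 'graph TD;', '    A-->B;', '```', '',
  '```mermaid', '` + (function () {', "    alert('vulnerable')", "    return ''", '}()) + `',
  'graph TD;', '    A-->C;', '```',
].join('\n');

console.log(scanMermaidBlocks(SAMPLE));
```

Treat hits as lines to review rather than proof of tampering, and run the scan over every content source that contributors can edit.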

Packages

Name: mdx-mermaid (npm)
Affected versions: < 1.3.0
Fixed version: 1.3.0

Name: mdx-mermaid (npm)
Affected versions: = 2.0.0-rc1
Fixed version: 2.0.0-rc2

EPSS

Percentile: 33%
0.00129
Low

CVSS3: 3.6 Low

Weaknesses

CWE-94

Related vulnerabilities

CVSS3: 3.6
nvd
more than 3 years ago

mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds.
