Описание
OMERO.web must check that the JSONP callback is a valid function
Background
There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. One such endpoint is /webclient/imgData/.... As we only really use these endpoints with jQuery's own callback name generation 1 it is quite difficult or even impossible to exploit this in vanilla OMERO.web. However, these metadata endpoints are likely to be used by many plugins.
Impact
OMERO.web before 5.25.0
Patches
Users should upgrade to 5.26.0 or higher
Workarounds
None
References
- https://stackoverflow.com/questions/2777021/do-i-need-to-sanitize-the-callback-parameter-from-a-jsonp-call
- https://stackoverflow.com/questions/1661197/what-characters-are-valid-for-javascript-variable-names
For more information If you have any questions or comments about this advisory:
Open an issue in omero-web Email us at security@openmicroscopy.org
Footnotes
Пакеты
omero-web
< 5.26.0
5.26.0
Связанные уязвимости
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the `callback` parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0.