Description
Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to arbitrary script execution in the context of applications that render the SVG.
A flaw was found in PlantUML. This vulnerability, known as Stored Cross-Site Scripting (XSS), occurs due to insufficient sanitization of interactive attributes within GraphViz diagrams. A remote attacker can exploit this by crafting a malicious PlantUML diagram, which then injects harmful JavaScript into the generated Scalable Vector Graphics (SVG) output. This can lead to arbitrary script execution within applications that render the affected SVG.
Statement
This vulnerability is rated Moderate for Red Hat. It affects PlantUML versions prior to 1.2026.0, allowing Stored Cross-Site Scripting (XSS) through crafted GraphViz diagrams. When a malicious PlantUML diagram is processed, it can inject arbitrary JavaScript into the generated SVG output, which then executes in the context of applications rendering the SVG. Exploitation requires user interaction with a crafted diagram.
Mitigation
To mitigate this vulnerability, avoid processing or rendering PlantUML diagrams from untrusted sources. If processing untrusted diagrams is unavoidable, ensure that the environment where the SVG output is rendered is adequately sandboxed to limit the impact of potential script execution. This operational control helps reduce exposure to the Stored XSS flaw.
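The mitigation above is an operational control. As an added, defender-side example (not code from Red Hat, PlantUML or this advisory), the Python below filters a rendered SVG before it is embedded inline in a page: it drops script-bearing elements and event-handler attributes and keeps only link targets on an allow-listed scheme. The sample SVG is constructed here to resemble GraphViz-style output carrying injected interactive attributes; it is not taken from the advisory, and the function names are this example's own.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
# Keep the default SVG namespace and the xlink prefix on re-serialisation.
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Elements that can run script or smuggle markup into the host page
# (compared on the lower-cased local name, so foreignObject matches too).
DROP_ELEMENTS = {"script", "foreignobject", "set", "animate",
                 "animatemotion", "animatetransform"}
# Attributes that carry a URL and must stay on a harmless scheme.
URL_ATTRIBUTES = {"href", "src"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}

# Constructed sample: a GraphViz-like node with interactive attributes
# injected, plus one legitimate hyperlink that must survive filtering.
CRAFTED_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="200" height="100">
  <script>alert('constructed payload')</script>
  <g id="node1" class="node" onclick="alert('constructed payload')">
    <title>Alice</title>
    <a xlink:href="javascript:alert('constructed payload')">
      <ellipse cx="50" cy="50" rx="40" ry="20" fill="none" stroke="black"/>
      <text x="50" y="55" text-anchor="middle">Alice</text>
    </a>
  </g>
  <a xlink:href="https://example.com/docs">
    <text x="20" y="90">docs</text>
  </a>
</svg>"""


def _local(name):
    """Strip the {namespace} prefix ElementTree puts on qualified names."""
    return name.rsplit("}", 1)[-1]


def _is_safe_url(value):
    # Browsers ignore control characters and whitespace inside a scheme
    # ("java\tscript:" still runs), so strip them before classifying.
    cleaned = re.sub(r"[\x00-\x20\x7f]", "", value).lower()
    return urlsplit(cleaned).scheme in SAFE_SCHEMES


def _is_active_attr(name, value):
    local = _local(name).lower()
    if local.startswith("on"):          # onclick, onload, onmouseover, ...
        return True
    return local in URL_ATTRIBUTES and not _is_safe_url(value)


def has_active_content(svg_text):
    """Detection check: True if the SVG still carries script-capable content."""
    root = ET.fromstring(svg_text)
    for el in root.iter():
        if _local(el.tag).lower() in DROP_ELEMENTS:
            return True
        if any(_is_active_attr(k, v) for k, v in el.attrib.items()):
            return True
    return False


def sanitize_svg(svg_text):
    """Return the SVG with script elements, on* handlers and unsafe URLs removed."""
    root = ET.fromstring(svg_text)
    # Materialise the traversal first; the tree is modified in the loop.
    for parent in list(root.iter()):
        for child in list(parent):
            if _local(child.tag).lower() in DROP_ELEMENTS:
                parent.remove(child)
        for name in [k for k, v in parent.attrib.items() if _is_active_attr(k, v)]:
            del parent.attrib[name]
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("before:", has_active_content(CRAFTED_SVG))
    cleaned = sanitize_svg(CRAFTED_SVG)
    print("after:", has_active_content(cleaned))
    print(cleaned)
```

Rendering untrusted SVG through an `<img>` element or a sandboxed frame, as the advisory recommends, remains the primary control; this filter is a second layer for deployments that must embed diagrams inline, and `has_active_content` doubles as a check over diagrams that were stored before the upgrade to 1.2026.0.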
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 2 | openshift-service-mesh/grafana-rhel8 | Fix deferred | | |
| OpenShift Service Mesh 2 | openshift-service-mesh/istio-cni-rhel8 | Fix deferred | | |
| OpenShift Service Mesh 2 | openshift-service-mesh/istio-must-gather-rhel9 | Fix deferred | | |
| OpenShift Service Mesh 2 | openshift-service-mesh/istio-operator-bundle | Fix deferred | | |
| OpenShift Service Mesh 2 | openshift-service-mesh/istio-rhel8-operator | Fix deferred | | |
| OpenShift Service Mesh 2 | openshift-service-mesh/pilot-rhel8 | Fix deferred | | |
| OpenShift Service Mesh 2 | openshift-service-mesh/proxyv2-rhel9 | Fix deferred | | |
| OpenShift Service Mesh 2 | openshift-service-mesh/ratelimit-rhel8 | Fix deferred | | |
CVSS3: 6.1 Medium
Related vulnerabilities
PlantUML is vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams