Lucene search

Joe VennixNODEJS:126

HistoryJul 21, 2016 - 5:01 p.m.

Cross-Site Scripting

2016-07-2117:01:35

Joe Vennix

www.npmjs.com

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Overview

Affected versions of swagger-ui contain a cross-site scripting vulnerability in the key names of a specific nested object in the JSON document.

Proof of Concept

The vulnerable object structure is:

{
    "definitions": {
        "arbitraryVal": {
            "properties": {
                "&lt;INJECTABLE_KEY_NAME&gt;": "LoremIpsum"
                }
            }
        }
}

Malicious JSON documents can be loaded in by providing a URL to them in the url query string parameter.

Recommendation

Update to version 2.2.1 or later.

References

CPENameOperatorVersion
swagger-uile2.2.0

CPE	Name	Operator	Version
	swagger-ui	le	2.2.0

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for NODEJS:126