Lucene search

GoogleOSV:CVE-2023-26486

HistoryMar 04, 2023 - 12:15 a.m.

CVE-2023-26486

2023-03-0400:15:15

Google

osv.dev

vega

visualization

vulnerability

version 5.13.1

javascript

sandbox

0.002 Low

EPSS

Percentile

54.2%

JSON

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argument group to getScale, which is then used as if it were an internal context. The context.scales[name].value is accessed from group and called as a function back in scale. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. This issue has been fixed in version 5.13.1.

CPENameOperatorVersion
vegaeq5.0.0-rc2
vegaeq1.3.0
vegaeq3.0.0-beta.24
vegaeq5.15.0
vegaeq5.7.1
vegaeq5.18.0
vegaeq5.3.0
vegaeq3.0.0-beta.13
vegaeq5.5.1
vegaeq3.0.0-beta.11

Name	Operator	Version
vega	eq	5.0.0-rc2
vega	eq	1.3.0
vega	eq	3.0.0-beta.24
vega	eq	5.15.0
vega	eq	5.7.1
vega	eq	5.18.0
vega	eq	5.3.0
vega	eq	3.0.0-beta.13
vega	eq	5.5.1
vega	eq	3.0.0-beta.11

Rows per page:

1-10 of 1391

References

github.com/vega/vega/releases/tag/v5.23.0

github.com/vega/vega/security/advisories/GHSA-4vq7-882g-wcg4

github.dev/vega/vega/blob/72b9b3bbf912212e7879b6acaccc84aff969ef1c/packages/vega-functions/src/functions/scale.js#L36-L37

github.dev/vega/vega/blob/72b9b3bbf912212e7879b6acaccc84aff969ef1c/packages/vega-functions/src/scales.js#L6

vega.github.io/editor/#/url/vega/N4IgJAzgxgFgpgWwIYgFwhgF0wBwqgegIDc4BzJAOjIEtMYBXAI0poHsDp5kTykSArJQBWENgDsQAGhAATJJhSoA2qHFIEcNCAAaAZT0ACAApsAwtJDEkAGwZwIaZQEYAujMwAnJOIgAzNk8EJ1BMAE8cLXQAoIYbFBkkR3QNNgZxTEs4AA8cT21oWzgACgByP3SoUqlDcTibGsNgKAlMHMxUJsKbB07gCvEoPus7OE7ukvLK6sNSuBHihTYmYoAdEABNAHVsmyhxAEU2AFk9AGsAdnWASmuZ5tb2von8JoGhppH7TuVXShbfF4GFBMIF-hIIECQYEAL5wmHXeEIkAw1yomFAA

0.002 Low

EPSS

Percentile

54.2%

JSON

Related for OSV:CVE-2023-26486