PT-2023-27760 · Unknown · @Dcl/Single-Sign-On-Client

🗓️ 01 Sep 2023 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 4 Views

Improper input validation in @dcl/single-sign-on-client allows code execution; upgrade to 0.1.0 now.

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-41049	2 Sep 202300:14	–	circl
CNNVD	Single Sign On Client Cross-Site Scripting Vulnerability	1 Sep 202300:00	–	cnnvd
CVE	CVE-2023-41049	1 Sep 202319:35	–	cve
Cvelist	CVE-2023-41049 Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client	1 Sep 202319:35	–	cvelist
EUVD	EUVD-2023-2603	3 Oct 202520:07	–	euvd
Github Security Blog	Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client	4 Sep 202316:36	–	github
NVD	CVE-2023-41049	1 Sep 202320:15	–	nvd
OSV	CVE-2023-41049 Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client	1 Sep 202319:35	–	osv
OSV	GHSA-VP4F-WXGW-7X8X Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client	4 Sep 202316:36	–	osv
Prion	Input validation	1 Sep 202320:15	–	prion

Source	Link
github	www.github.com/decentraland/single-sign-on-client/security/advisories/GHSA-vp4f-wxgw-7x8x
github	www.github.com/decentraland/single-sign-on-client/commit/bd20ea9533d0cda30809d929db85b1b76cef855a
osv	www.osv.dev/vulnerability/CVE-2023-41049
osv	www.osv.dev/vulnerability/GHSA-vp4f-wxgw-7x8x
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-41049
github	www.github.com/decentraland/single-sign-on-client/pull/2
github	www.github.com/decentraland/single-sign-on-client
twitter	www.twitter.com/cracbot/status/1697851902812389686
t	www.t.me/cibsecurity/69694

06 Sep 2023 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.16.1 - 7.5

EPSS0.00364

SSVC

input validation issue arbitrary javascript execution @dcl/single-sign-on-client upgrade recommendation user input sanitization