Information Disclosure

2022-06-2918:01:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

30.2%

JSON

Mermaid is vulnerable to information disclosure. The vulnerability exists due to a css injection into the generated graph allowing for arbitrary graph modification leading to information disclosure by querying form data by css selectors.

CPENameOperatorVersion
mermaidle9.1.1
mermaidle9.1.1

CPE	Name	Operator	Version
	mermaid	le	9.1.1
	mermaid	le	9.1.1

References

github.com/mermaid-js/mermaid/commit/0ae1bdb61adff1cd485caff8c62ec6b8ac57b225

github.com/mermaid-js/mermaid/security/advisories/GHSA-x3vm-38hw-55wf

0.001 Low

EPSS

Percentile

30.2%

JSON

Related for VERACODE:36205