CVE-2023-26486

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-26486

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26486.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-26486

Aliases

GHSA-4vq7-882g-wcg4

Published

2023-03-03T23:48:41.382Z

Modified

2025-12-04T23:43:39.789433Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Vega `scale` expression function cross site scripting

Details

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argument group to getScale, which is then used as if it were an internal context. The context.scales[name].value is accessed from group and called as a function back in scale. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. This issue has been fixed in version 5.13.1.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26486.json"
}

References

Affected packages

Git / github.com/vega/vega

Affected ranges

Type: GIT
Repo: https://github.com/vega/vega
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fb1092f6b931d450f9c210b67ae4752bd3dd461b

Affected versions

v1.*

v1.0.0

v1.1.0

v1.2.0

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.3.4

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.5.0

v1.5.1

v1.5.4

v3.*

v3.0.0

v3.0.0-beta.1

v3.0.0-beta.10

v3.0.0-beta.11

v3.0.0-beta.12

v3.0.0-beta.13

v3.0.0-beta.14

v3.0.0-beta.15

v3.0.0-beta.16

v3.0.0-beta.17

v3.0.0-beta.18

v3.0.0-beta.19

v3.0.0-beta.2

v3.0.0-beta.20

v3.0.0-beta.21

v3.0.0-beta.22

v3.0.0-beta.23

v3.0.0-beta.24

v3.0.0-beta.25

v3.0.0-beta.26

v3.0.0-beta.27

v3.0.0-beta.28

v3.0.0-beta.29

v3.0.0-beta.3

v3.0.0-beta.30

v3.0.0-beta.31

v3.0.0-beta.32

v3.0.0-beta.33

v3.0.0-beta.34

v3.0.0-beta.35

v3.0.0-beta.36

v3.0.0-beta.37

v3.0.0-beta.38

v3.0.0-beta.39

v3.0.0-beta.4

v3.0.0-beta.6

v3.0.0-beta.7

v3.0.0-beta.8

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.0.0-rc4

v3.0.0-rc5

v3.0.0-rc6

v3.0.0-rc7

v3.0.1

v3.0.10

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.0.9

v3.1.0

v3.2.0

v3.2.1

v3.3.0

v3.3.1

v4.*

v4.0.0

v4.0.0-rc.1

v4.0.0-rc.3

v4.1.0

v4.2.0

v4.3.0

v4.4.0

v4.5.1

v5.*

v5.0.0

v5.0.0-rc1

v5.0.0-rc2

v5.0.0-rc3

v5.0.0-rc4

v5.0.0-rc5

v5.1.0

v5.10.0

v5.10.1

v5.11.0

v5.11.1

v5.12.0

v5.12.1

v5.12.2

v5.12.3

v5.13.0

v5.14.0

v5.15.0

v5.16.0

v5.16.1

v5.17.0

v5.17.1

v5.17.2

v5.17.3

v5.18.0

v5.19.0

v5.19.1

v5.2.0

v5.20.0

v5.20.1

v5.20.2

v5.21.0

v5.22.0

v5.22.1

v5.3.0

v5.3.1

v5.3.2

v5.3.3

v5.3.4

v5.3.5

v5.4.0

v5.4.1

v5.5.0

v5.5.1

v5.5.2

v5.5.3

v5.6.0

v5.7.0

v5.7.1

v5.7.2

v5.7.3

v5.8.0

v5.8.1

v5.9.0

v5.9.1

v5.9.2