CVE-2024-36109

Source
https://cve.org/CVERecord?id=CVE-2024-36109
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36109.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36109
Aliases
  • GHSA-8w44-hggw-p5rf
Published
2024-05-28T18:40:55.068Z
Modified
2026-04-10T05:14:14.968709Z
Severity
  • 7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Summary
Cross-site Scripting with Markdown rendering in CoCalc
Details

CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions, the Markdown parser allows <script> tags to be included, and these execute when published. This issue has been addressed in commit 419862a9c9879c. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36109.json"
}
References

Affected packages

Git / github.com/sagemathinc/cocalc

Affected ranges

Type
GIT
Repo
https://github.com/sagemathinc/cocalc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/sagemathinc/cocalc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36109.json"