GHSA-98pf-gfh3-x3mp

Suggest an improvement
Source
https://github.com/advisories/GHSA-98pf-gfh3-x3mp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-98pf-gfh3-x3mp/GHSA-98pf-gfh3-x3mp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-98pf-gfh3-x3mp
Published
2022-11-10T16:02:51Z
Modified
2022-11-10T16:02:51Z
Summary
Read the Docs vulnerable to Cross-Site Scripting (XSS)
Details

Impact

This vulnerability allowed a malicious user to serve arbitrary HTML files from the main application domain (readthedocs[.]org/readthedocs[.]com) by exploiting a vulnerability in the code that serves downloadable content from a project.

Exploiting this would have required the attacker to get a logged-in user to visit the malicious URL, which would have allowed the attacker to take control of the user's session with JavaScript (making requests to the API/site on behalf of the user). This URL would have looked something like hxxps[:]//readthedocs[.]org/projects/attacker-project/downloads/html/version-with-javascript-attack/.

Patches

This issue has been patched in our 8.8.1 release.

References

Affected packages

npm / readthedocs

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.8.1