GHSA-xv83-x443-7rmw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xv83-x443-7rmw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-xv83-x443-7rmw/GHSA-xv83-x443-7rmw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-xv83-x443-7rmw
- Aliases
- Related
- Published
- 2023-04-25T19:48:11Z
- Modified
- 2023-11-08T04:12:25.905467Z
- Severity
-
- 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L CVSS Calculator
- Summary
- HTML injection in search results via plaintext message highlighting
- Details
-
Impact
Plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload.
Cross-site scripting is possible by including resources from
recaptcha.netandgstatic.comwhich are included in the default CSP.Thanks to Cadence Ember for finding the injection and to S1m for finding possible XSS vectors.
Patches
Version 3.71.0 of the SDK fixes the issue.
Workarounds
Restarting the client will clear the injection.
- Database specific
{ "github_reviewed_at": "2023-04-25T19:48:11Z", "github_reviewed": true, "nvd_published_at": "2023-04-25T21:15:10Z", "cwe_ids": [ "CWE-74", "CWE-79" ], "severity": "HIGH" }- References
-
- https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-xv83-x443-7rmw
- https://nvd.nist.gov/vuln/detail/CVE-2023-30609
- https://github.com/matrix-org/matrix-react-sdk/commit/bf182bc94556849d7acdfa0e5fdea2aa129ea826
- https://github.com/matrix-org/matrix-react-sdk
- https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.71.0
Affected packages
npm / matrix-react-sdk
Package
- Name
- matrix-react-sdk
- View open source insights on deps.dev
- Purl
- pkg:npm/matrix-react-sdk