CVE-2022-36036 – Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
https://notcve.org/view.php?id=CVE-2022-36036
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds. mdx-mermaid proporciona acceso plug and play a Mermaid en MDX. • https://github.com/sjwall/mdx-mermaid/commit/f2b99386660fd13316823529c3f1314ebbcdfd2a https://github.com/sjwall/mdx-mermaid/security/advisories/GHSA-rvgm-35jw-q628 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-31108 – Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js
https://notcve.org/view.php?id=CVE-2022-31108
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted `CSS` selectors. The following example shows how an attacker can exfiltrate the contents of an input field by bruteforcing the `value` attribute one character at a time. Whenever there is an actual match, an `http` request will be made by the browser in order to "load" a background image that will let an attacker know what's the value of the character. This issue may lead to `Information Disclosure` via CSS selectors and functions able to generate HTTP requests. • https://github.com/mermaid-js/mermaid/commit/0ae1bdb61adff1cd485caff8c62ec6b8ac57b225 https://github.com/mermaid-js/mermaid/security/advisories/GHSA-x3vm-38hw-55wf • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-43861 – Incorrect sanitisation function leads to `XSS`
https://notcve.org/view.php?id=CVE-2021-43861
Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgrading. Mermaid es una herramienta de diagramación y gráficos basada en Javascript que usa definiciones de texto inspiradas en Markdown y un renderizador para crear y modificar diagramas complejos. • https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83 https://github.com/mermaid-js/mermaid/releases/tag/8.13.8 https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-35513
https://notcve.org/view.php?id=CVE-2021-35513
Mermaid before 8.11.0 allows XSS when the antiscript feature is used. Mermaid versiones anteriores a 8.11.0, permite un ataque de tipo XSS cuando la funcionalidad antiscript es usada • https://github.com/mermaid-js/mermaid/issues/2122 https://github.com/mermaid-js/mermaid/pull/2123 https://github.com/mermaid-js/mermaid/releases/tag/8.11.0-rc2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •