PT-2022-23132 · Unknown · Mdx-Mermaid
Sjwall · Published 2022-08-29 · Updated 2022-09-01 · CVE-2022-36036
CVSS v3.1: 3.6 (Low)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
mdx-mermaid versions less than 1.3.0
mdx-mermaid version 2.0.0-rc1
Description
mdx-mermaid is open to arbitrary JavaScript injection. Arbitrary code placed in a mermaid code block executes when the component is loaded by MDXjs. There are no known workarounds for this issue.
Recommendations
For mdx-mermaid versions less than 1.3.0, update to version 1.3.0 or later.
For mdx-mermaid version 2.0.0-rc1, update to version 2.0.0-rc2 or later.
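One way to check a project against the affected versions listed above, as an added example that is not part of the original advisory or of the mdx-mermaid project. It assumes an npm lockfile with the lockfileVersion 2/3 `packages` map; the function names `isAffected` and `findAffected` and the sample lockfile are constructed for illustration.

```javascript
// Added example: flags mdx-mermaid versions this advisory lists as affected
// (< 1.3.0, or exactly 2.0.0-rc1) in a package-lock.json "packages" map.
const SEMVER = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/;

function isAffected(version) {
  const m = SEMVER.exec(version);
  if (!m) throw new TypeError(`not a semver version: ${version}`);
  // Build metadata (+...) does not change which release this is.
  if (version.split('+')[0] === '2.0.0-rc1') return true;
  const core = [Number(m[1]), Number(m[2]), Number(m[3])];
  const fixed = [1, 3, 0];
  for (let i = 0; i < 3; i++) {
    if (core[i] !== fixed[i]) return core[i] < fixed[i];
  }
  // Assumption: by semver precedence a pre-release such as 1.3.0-beta
  // sorts before 1.3.0, so it is treated as "less than 1.3.0".
  return m[4] !== undefined;
}

function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match top-level and nested installs: ".../node_modules/mdx-mermaid".
    if (!/(^|\/)node_modules\/mdx-mermaid$/.test(path)) continue;
    if (meta.version && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile, not taken from a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'docs-site', version: '0.0.1' },
    'node_modules/mdx-mermaid': { version: '1.2.3' },
    'node_modules/some-theme/node_modules/mdx-mermaid': { version: '2.0.0-rc1' },
    'node_modules/other/node_modules/mdx-mermaid': { version: '2.0.0-rc2' },
    'node_modules/mermaid': { version: '9.1.6' },
  },
};

for (const hit of findAffected(sampleLock)) {
  console.log(`AFFECTED ${hit.path} @ ${hit.version}`);
}
```

Nested copies matter here because a transitive dependency can pin an affected release even when the top-level install is already at a fixed version.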
Code Injection
Affected Products
Mdx-Mermaid