PT-2024-36709 · Lumos+1
Edmpl · Published 2024-12-15 · Updated 2024-12-16
CVE-2024-56082
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Lumos versions prior to 1.0.17
Description
The issue arises from the ChatBar.tsx component in Lumos, which parses raw HTML in Markdown. This occurs because the markdown-to-jsx package is used without setting disableParsingRawHTML to true.
Recommendations
For versions prior to 1.0.17, update to version 1.0.17 or later to resolve the issue. As a temporary workaround, consider setting disableParsingRawHTML to true in the markdown-to-jsx package to prevent raw HTML parsing.
Fix
XSS
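The workaround described under Recommendations can be checked for across a code base. The following is an added example, not code from Lumos, markdown-to-jsx or this advisory: a heuristic TypeScript audit that flags JSX uses of the markdown-to-jsx component whose opening tag does not set disableParsingRawHTML: true. The function names and the two sample sources are constructed for illustration.

```typescript
// Added example: heuristic audit for markdown-to-jsx components rendered
// without `disableParsingRawHTML: true`. Hypothetical helper names throughout.

interface Finding { line: number; tag: string }

// Local name bound to the default export of markdown-to-jsx, or null if not imported.
function markdownImportName(source: string): string | null {
  const m = /import\s+([A-Za-z_$][\w$]*)\s*(?:,\s*\{[^}]*\})?\s*from\s*['"]markdown-to-jsx['"]/.exec(source);
  return m ? m[1] : null;
}

// Opening JSX tag starting at `start`; it ends at the first `>` outside braces,
// so arrow functions inside `options={{ ... }}` do not cut the tag short.
function openingTag(source: string, start: number): string {
  let depth = 0;
  for (let i = start; i < source.length; i++) {
    const c = source[i];
    if (c === "{") depth++;
    else if (c === "}") depth--;
    else if (c === ">" && depth === 0) return source.slice(start, i + 1);
  }
  return source.slice(start);
}

function findUnsafeMarkdownUsages(source: string): Finding[] {
  const name = markdownImportName(source);
  if (name === null) return [];
  const findings: Finding[] = [];
  const tagStart = new RegExp("<" + name.replace(/\$/g, "\\$&") + "(?=[\\s/>])", "g");
  let m: RegExpExecArray | null;
  while ((m = tagStart.exec(source)) !== null) {
    const tag = openingTag(source, m.index);
    // Options passed through a variable are flagged too: review those by hand.
    if (!/disableParsingRawHTML\s*:\s*true\b/.test(tag)) {
      const line = source.slice(0, m.index).split("\n").length;
      findings.push({ line, tag });
    }
  }
  return findings;
}

// Constructed sample sources (not the real ChatBar.tsx).
const IMPORT_LINE = 'import Markdown from "markdown-to-jsx";\n';
const UNSAFE_SAMPLE = IMPORT_LINE + "const a = <Markdown>{text}</Markdown>;";
const SAFE_SAMPLE = IMPORT_LINE +
  "const b = <Markdown options={{ disableParsingRawHTML: true }}>{text}</Markdown>;";
```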
Weakness Enumeration
Related Identifiers
Affected Products
Lumos
Markdown-To-Jsx