Adds CVE-2021-23342

2025-06-12 02:05:39 +00:00 · 2021-02-19 18:30:19 +02:00 · 2021-02-19 18:30:19 +02:00 · 0a75306f9a
commit 0a75306f9a
parent ef73830a6d
1 changed files with 84 additions and 4 deletions
--- a/2021/23xxx/CVE-2021-23342.json
+++ b/2021/23xxx/CVE-2021-23342.json
@ -3,16 +3,96 @@
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "report@snyk.io",
+        "DATE_PUBLIC": "2021-02-19T16:30:17.736948Z",
        "ID": "CVE-2021-23342",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cross-site Scripting (XSS)"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "docsify",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_value": "4.12.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Cross-site Scripting (XSS)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://snyk.io/vuln/SNYK-JS-DOCSIFY-1066017"
+            },
+            {
+                "refsource": "CONFIRM",
+                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076593"
+            },
+            {
+                "refsource": "CONFIRM",
+                "url": "https://github.com/docsifyjs/docsify/commit/ff2a66f12752471277fe81a64ad6c4b2c08111fe"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "This affects the package docsify before 4.12.0.\n It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods\r\n\r\n1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. \r\n\r\n2) The isURL external check can be bypassed by inserting more \u201c////\u201d characters \r\n\r\n"
            }
        ]
-    }
+    },
+    "impact": {
+        "cvss": {
+            "version": "3.1",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:U/RC:C",
+            "baseScore": 8.6,
+            "baseSeverity": "HIGH",
+            "attackVector": "NETWORK",
+            "attackComplexity": "LOW",
+            "privilegesRequired": "NONE",
+            "userInteraction": "NONE",
+            "scope": "UNCHANGED",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "LOW",
+            "availabilityImpact": "LOW"
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "GiuliCler (Giulia Clerici)"
+        },
+        {
+            "lang": "eng",
+            "value": "Egidio Romano"
+        }
+    ]
 }