admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2021-39175 for GHSA-j748-779h-9697

Browse Source 
Add CVE-2021-39175 for GHSA-j748-779h-9697
This commit is contained in:
advisory-db[bot] 2021-08-30 20:36:32 +00:00 committed by GitHub
parent 36fda4674d
commit f89e248f48
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 94 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
2021/39xxx/CVE-2021-39175.json
View File

@ -1,18 +1,106 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-39175",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "XSS vector in slide mode speaker-view"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hedgedoc",
"version": {
"version_data": [
{
"version_value": "< 1.9.0"
}
]
}
}
]
},
"vendor_name": "hedgedoc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-346: Origin Validation Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697",
"refsource": "CONFIRM",
"url": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697"
},
{
"name": "https://github.com/hedgedoc/hedgedoc/pull/1369",
"refsource": "MISC",
"url": "https://github.com/hedgedoc/hedgedoc/pull/1369"
},
{
"name": "https://github.com/hedgedoc/hedgedoc/pull/1375",
"refsource": "MISC",
"url": "https://github.com/hedgedoc/hedgedoc/pull/1375"
},
{
"name": "https://github.com/hedgedoc/hedgedoc/pull/1513",
"refsource": "MISC",
"url": "https://github.com/hedgedoc/hedgedoc/pull/1513"
}
]
},
"source": {
"advisory": "GHSA-j748-779h-9697",
"discovery": "UNKNOWN"
}
}