This repository has been archived by the owner on Feb 2, 2021. It is now read-only.
Kevin Reid edited this page Apr 16, 2015 · 1 revision
(legacy summary: Security Advisory 2011/08/02)
Caja Security Advisory 2011/08/02
Revision 4229 introduced support for innerText with an incorrect
check for the editability of script tags. As a result, an
attacker is able to create script nodes containing uncajoled code.
For unrelated reasons, an earlier change at Revision 3802 disabled
the tests that cover this case.
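A regression check for this case, as an added example that is not Caja's code or its test suite. The wrapper model and the names `tame`, `isEditable`, `scriptWriteLeaks` and `TEXT_WRITERS` are hypothetical, and the nodes are constructed plain objects standing in for DOM elements.

```javascript
// Hypothetical model of a DOM-taming wrapper; not Caja's implementation.
// Every property through which guest code can set an element's text.
const TEXT_WRITERS = ['innerHTML', 'innerText', 'textContent'];

// The browser executes the text of script elements, so guest code must
// never be allowed to write it.
const isEditable = (node) => node.tagName.toLowerCase() !== 'script';

// Build the tamed view of `node` handed to guest code. `guarded` lists the
// properties whose setter checks editability before touching the real node.
function tame(node, guarded) {
  const tamed = {};
  for (const prop of TEXT_WRITERS) {
    Object.defineProperty(tamed, prop, {
      get: () => node[prop],
      set(value) {
        if (guarded.includes(prop) && !isEditable(node)) {
          throw new Error(`${prop} is not writable on <${node.tagName}>`);
        }
        node[prop] = String(value);
      },
    });
  }
  return tamed;
}

// Regression check: try each writer against a fresh script node and return
// the properties that let guest text reach the underlying node.
function scriptWriteLeaks(guarded) {
  const leaks = [];
  for (const prop of TEXT_WRITERS) {
    // Constructed stand-in for a script element.
    const node = { tagName: 'SCRIPT', innerHTML: '', innerText: '', textContent: '' };
    try {
      tame(node, guarded)[prop] = 'guest text';
    } catch (e) {
      // The write was rejected, which is the required behaviour.
    }
    if (node[prop] !== '') leaks.push(prop);
  }
  return leaks;
}

// Constructed cases: all writers guarded, then innerText left unguarded
// to show the check failing. The second case is not a reconstruction of
// the actual defect in revision 4229.
console.log(scriptWriteLeaks(TEXT_WRITERS));
console.log(scriptWriteLeaks(['innerHTML', 'textContent']));
```

Keeping a check like this enabled in the test suite makes a missing guard on any one text-writing property show up as a named failure.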
Impact
This vulnerability allows an attacker's sandboxed code to completely
bypass all of Caja's protections by setting innerText of script
elements, if the container is using a version of Caja between
revision 4229 and 4570.
Advice
Do one of the following:
Best: Upgrade to a version of Caja at or after 4570.