XSS vulnerability could result in RCE - CVE-2021-29996 #2548

Closed
briskets opened this issue Apr 4, 2021 · 1 comment · Fixed by #2765


briskets commented Apr 4, 2021

Description

Cross Site Scripting (XSS) vulnerability that could result in Remote Code Execution (RCE).

CVE-2021-29996 was assigned for this issue.

Steps to reproduce

  1. Create a .md file that contains:
     ````
     ```<style/onload=require('child_process').exec('calc')>
     ````

Expected behavior:

Language input for the fenced code block should be sanitized before being rendered.

Actual behavior:

HTML stored as language input is not sanitized. Arbitrary JavaScript code is executed upon rendering. Processes outside of Mark Text could be executed due to nodeIntegration being enabled.

Proof of Concept

cve-2021-29996-poc

Versions

  • Mark Text version: 0.16.3
  • Operating system: Windows, Linux, MacOS
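
One way to do the sanitization the report asks for, shown as an added example that is not Mark Text's code and not the fix from #2765: the fence language is checked against an allowlist and HTML-escaped before it reaches the markup, and the renderer settings that keep an XSS from reaching `require` are listed beside it. The function names and the allowlist pattern are assumptions; the sample inputs are constructed, except the info string quoted from the report.

```javascript
// Added example: hypothetical helpers, not Mark Text's implementation.

// Assumed allowlist for language names such as "js", "c++", "c#", "objective-c".
const LANG_RE = /^[A-Za-z0-9][A-Za-z0-9_+#.-]{0,31}$/;

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can change HTML structure.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Take the first word of the fence info string and accept it only if it
// looks like a language name; anything else yields '' (no language).
function safeFenceLanguage(infoString) {
  const first = String(infoString || '').trim().split(/\s+/)[0] || '';
  return LANG_RE.test(first) ? first.toLowerCase() : '';
}

// Render a fenced block. The language is validated and still escaped, and
// the body is escaped, so neither can introduce tags or attributes.
function renderFence(infoString, code) {
  const lang = safeFenceLanguage(infoString);
  const cls = lang ? ` class="language-${escapeHtml(lang)}"` : '';
  return `<pre><code${cls}>${escapeHtml(code)}</code></pre>`;
}

// Defense in depth: Electron webPreferences for the window that renders
// untrusted Markdown. With nodeIntegration off, page script has no require().
const HARDENED_WEB_PREFERENCES = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
};

// Constructed inputs, plus the info string from the report above.
const samples = [
  'js',
  'C++ title=demo',
  "<style/onload=require('child_process').exec('calc')>",
];
for (const info of samples) {
  console.log(JSON.stringify(info), '->', renderFence(info, 'x < 1'));
}
```
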

OS-WS commented Jun 21, 2021

Hi, @briskets
Was this issue ever addressed/fixed?
If so, in what commit?

Thanks in advance!
