CVE-2016-10531

{"id": "CVE-2016-10531", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2018-05-31T20:29:01.033", "references": [{"url": "https://github.com/chjj/marked/pull/592", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://github.com/chjj/marked/pull/592/commits/2cff85979be8e7a026a9aca35542c470cf5da523", "tags": ["Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://nodesecurity.io/advisories/101", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://github.com/chjj/marked/pull/592", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/chjj/marked/pull/592/commits/2cff85979be8e7a026a9aca35542c470cf5da523", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://nodesecurity.io/advisories/101", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left."}, {"lang": "es", "value": "marked es una aplicaci\u00f3n hecha para analizar y compilar markdown. Debido a la forma en la que marked, en versiones 0.3.5 y anteriores, analiza entradas (espec\u00edficamente, entidades HTML), es posible omitir la protecci\u00f3n de inyecci\u00f3n de contenido de marked (\"sanitize: true\") para inyectar una URL \"javascript:\". Este fallo existe porque \"#xNNanything;\" se analiza hasta donde se puede y olvida el resto, lo que resulta en que \"anything;\" queda suelto."}], "lastModified": "2024-11-21T02:44:12.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:marked_project:marked:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "BEF40AFF-3F72-4F2A-B903-F1AA12E427E4", "versionEndIncluding": "0.3.5"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}