CVE-2023-22491

{"id": "CVE-2023-22491", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-01-13T19:15:12.407", "references": [{"url": "https://github.com/gatsbyjs/gatsby/security/advisories/GHSA-7ch4-rr99-cqcw", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/gatsbyjs/gatsby/security/advisories/GHSA-7ch4-rr99-cqcw", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-89"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present in gatsby-transformer-remark when passing input in data mode (querying MarkdownRemark nodes via GraphQL). Injected JavaScript executes in the context of the build server. To exploit this vulnerability untrusted/unsanitized input would need to be sourced by or added into a file processed by gatsby-transformer-remark. A patch has been introduced in `gatsby-transformer-remark@5.25.1` and `gatsby-transformer-remark@6.3.2` which mitigates the issue by disabling the `gray-matter` JavaScript Frontmatter engine. As a workaround, if an older version of `gatsby-transformer-remark` must be used, input passed into the plugin should be sanitized ahead of processing. It is encouraged for projects to upgrade to the latest major release branch for all Gatsby plugins to ensure the latest security updates and bug fixes are received in a timely manner."}, {"lang": "es", "value": "Gatsby es un framework gratuito y de c\u00f3digo abierto basado en React que ayuda a los desarrolladores a crear sitios web y aplicaciones. El complemento gatsby-transformer-remark anterior a las versiones 5.25.1 y 6.3.2 pasa la entrada al paquete npm `gray-matter`, que es vulnerable a la inyecci\u00f3n de JavaScript en su configuraci\u00f3n predeterminada, a menos que la entrada est\u00e9 desinfectada. La vulnerabilidad est\u00e1 presente en gatsby-transformer-remark cuando se pasa entrada en modo de datos (consultando nodos MarkdownRemark a trav\u00e9s de GraphQL). El JavaScript inyectado se ejecuta en el contexto del servidor de compilaci\u00f3n. Para explotar esta vulnerabilidad, la entrada no confiable/no desinfectada tendr\u00eda que obtenerse o agregarse a un archivo procesado por gatsby-transformer-remark. Se introdujo un parche en `gatsby-transformer-remark@5.25.1` y `gatsby-transformer-remark@6.3.2` que mitiga el problema al deshabilitar el motor JavaScript Frontmatter de `materia gris`. Como workaround, si se debe utilizar una versi\u00f3n anterior de `gatsby-transformer-remark`, la entrada pasada al complemento debe desinfectarse antes del procesamiento. Se recomienda que los proyectos actualicen a la \u00faltima versi\u00f3n principal de todos los complementos de Gatsby para garantizar que las \u00faltimas actualizaciones de seguridad y correcciones de errores se reciban de manera oportuna."}], "lastModified": "2024-11-21T07:44:54.943", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gatsbyjs:gatsby:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "A4C7E5A6-DB6C-466C-B29B-77AE0F949F31", "versionEndExcluding": "5.25.1"}, {"criteria": "cpe:2.3:a:gatsbyjs:gatsby:6.3.1:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "905C5A4D-1415-4854-A55E-0D31E85CB048"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}