Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by shubhamjain

    CVE-2023-40013 (GCVE-0-2023-40013)

    Vulnerability from nvd – Published: 2023-08-14 20:10 – Updated: 2024-10-02 20:35
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in external-svg-loader
    Summary
    SVG Loader is a javascript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag's place. According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivially bypassed. This allows an attacker to craft a malicious SVG which can result in Cross-site Scripting (XSS). When trying to sanitize the svg the lib removes event attributes such as `onmouseover`, `onclick` but the list of events is not exhaustive. Any website which uses external-svg-loader and allows its users to provide svg src, upload svg files would be susceptible to stored XSS attack. This issue has been addressed in commit `d3562fc08` which is included in releases from 1.6.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    shubhamjain svg-loader Affected: < 1.6.9
    Create a notification for this product.
    shubhamjain svg_loader Affected: 0 , < 1.6.9 (custom)
        cpe:2.3:a:shubhamjain:svg_loader:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:24:54.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/shubhamjain/svg-loader/security/advisories/GHSA-xc2r-jf2x-gjr8",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/shubhamjain/svg-loader/security/advisories/GHSA-xc2r-jf2x-gjr8"
              },
              {
                "name": "https://github.com/shubhamjain/svg-loader/commit/d3562fc08497aec5f33eb82017fa1417b3319e2c",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shubhamjain/svg-loader/commit/d3562fc08497aec5f33eb82017fa1417b3319e2c"
              },
              {
                "name": "https://github.com/shubhamjain/svg-loader/blob/main/svg-loader.js#L125-L128",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shubhamjain/svg-loader/blob/main/svg-loader.js#L125-L128"
              },
              {
                "name": "https://github.com/shubhamjain/svg-loader/tree/main#2-enable-javascript",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shubhamjain/svg-loader/tree/main#2-enable-javascript"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:shubhamjain:svg_loader:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "svg_loader",
                "vendor": "shubhamjain",
                "versions": [
                  {
                    "lessThan": "1.6.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40013",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T20:29:25.846454Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T20:35:31.785Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "svg-loader",
              "vendor": "shubhamjain",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.6.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SVG Loader is a javascript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag\u0027s place. According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivially bypassed. This allows an attacker to craft a malicious SVG which can result in Cross-site Scripting (XSS). When trying to sanitize the svg the lib removes event attributes such as `onmouseover`, `onclick` but the list of events is not exhaustive.  Any website which uses external-svg-loader and allows its users to provide svg src, upload svg files would be susceptible to stored XSS attack. This issue has been addressed in commit `d3562fc08` which is included in releases from 1.6.9. Users are advised to upgrade. There are no known workarounds for this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-14T20:10:24.585Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/shubhamjain/svg-loader/security/advisories/GHSA-xc2r-jf2x-gjr8",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/shubhamjain/svg-loader/security/advisories/GHSA-xc2r-jf2x-gjr8"
            },
            {
              "name": "https://github.com/shubhamjain/svg-loader/commit/d3562fc08497aec5f33eb82017fa1417b3319e2c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shubhamjain/svg-loader/commit/d3562fc08497aec5f33eb82017fa1417b3319e2c"
            },
            {
              "name": "https://github.com/shubhamjain/svg-loader/blob/main/svg-loader.js#L125-L128",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shubhamjain/svg-loader/blob/main/svg-loader.js#L125-L128"
            },
            {
              "name": "https://github.com/shubhamjain/svg-loader/tree/main#2-enable-javascript",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shubhamjain/svg-loader/tree/main#2-enable-javascript"
            }
          ],
          "source": {
            "advisory": "GHSA-xc2r-jf2x-gjr8",
            "discovery": "UNKNOWN"
          },
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) in external-svg-loader"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-40013",
        "datePublished": "2023-08-14T20:10:24.585Z",
        "dateReserved": "2023-08-08T13:46:25.241Z",
        "dateUpdated": "2024-10-02T20:35:31.785Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40013 (GCVE-0-2023-40013)

    Vulnerability from cvelistv5 – Published: 2023-08-14 20:10 – Updated: 2024-10-02 20:35
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in external-svg-loader
    Summary
    SVG Loader is a javascript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag's place. According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivially bypassed. This allows an attacker to craft a malicious SVG which can result in Cross-site Scripting (XSS). When trying to sanitize the svg the lib removes event attributes such as `onmouseover`, `onclick` but the list of events is not exhaustive. Any website which uses external-svg-loader and allows its users to provide svg src, upload svg files would be susceptible to stored XSS attack. This issue has been addressed in commit `d3562fc08` which is included in releases from 1.6.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    shubhamjain svg-loader Affected: < 1.6.9
    Create a notification for this product.
    shubhamjain svg_loader Affected: 0 , < 1.6.9 (custom)
        cpe:2.3:a:shubhamjain:svg_loader:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:24:54.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/shubhamjain/svg-loader/security/advisories/GHSA-xc2r-jf2x-gjr8",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/shubhamjain/svg-loader/security/advisories/GHSA-xc2r-jf2x-gjr8"
              },
              {
                "name": "https://github.com/shubhamjain/svg-loader/commit/d3562fc08497aec5f33eb82017fa1417b3319e2c",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shubhamjain/svg-loader/commit/d3562fc08497aec5f33eb82017fa1417b3319e2c"
              },
              {
                "name": "https://github.com/shubhamjain/svg-loader/blob/main/svg-loader.js#L125-L128",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shubhamjain/svg-loader/blob/main/svg-loader.js#L125-L128"
              },
              {
                "name": "https://github.com/shubhamjain/svg-loader/tree/main#2-enable-javascript",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shubhamjain/svg-loader/tree/main#2-enable-javascript"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:shubhamjain:svg_loader:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "svg_loader",
                "vendor": "shubhamjain",
                "versions": [
                  {
                    "lessThan": "1.6.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40013",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T20:29:25.846454Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T20:35:31.785Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "svg-loader",
              "vendor": "shubhamjain",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.6.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SVG Loader is a javascript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag\u0027s place. According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivially bypassed. This allows an attacker to craft a malicious SVG which can result in Cross-site Scripting (XSS). When trying to sanitize the svg the lib removes event attributes such as `onmouseover`, `onclick` but the list of events is not exhaustive.  Any website which uses external-svg-loader and allows its users to provide svg src, upload svg files would be susceptible to stored XSS attack. This issue has been addressed in commit `d3562fc08` which is included in releases from 1.6.9. Users are advised to upgrade. There are no known workarounds for this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-14T20:10:24.585Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/shubhamjain/svg-loader/security/advisories/GHSA-xc2r-jf2x-gjr8",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/shubhamjain/svg-loader/security/advisories/GHSA-xc2r-jf2x-gjr8"
            },
            {
              "name": "https://github.com/shubhamjain/svg-loader/commit/d3562fc08497aec5f33eb82017fa1417b3319e2c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shubhamjain/svg-loader/commit/d3562fc08497aec5f33eb82017fa1417b3319e2c"
            },
            {
              "name": "https://github.com/shubhamjain/svg-loader/blob/main/svg-loader.js#L125-L128",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shubhamjain/svg-loader/blob/main/svg-loader.js#L125-L128"
            },
            {
              "name": "https://github.com/shubhamjain/svg-loader/tree/main#2-enable-javascript",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shubhamjain/svg-loader/tree/main#2-enable-javascript"
            }
          ],
          "source": {
            "advisory": "GHSA-xc2r-jf2x-gjr8",
            "discovery": "UNKNOWN"
          },
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) in external-svg-loader"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-40013",
        "datePublished": "2023-08-14T20:10:24.585Z",
        "dateReserved": "2023-08-08T13:46:25.241Z",
        "dateUpdated": "2024-10-02T20:35:31.785Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }