cnvd - cnvd-2018-06882

CNVD-2018-06882

Vulnerability from cnvd - Published: 2018-04-02

Title

NPR Visuals Team Pym.js跨站请求伪造漏洞

Description

NPR Visuals Team Pym.js是一个用于在容器中嵌入代码的工具。 NPR Visuals Team Pym.js 0.4.2版本至1.3.1版本中的‘Pym.js _onNavigateToMessage’函数的https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573存在跨站请求伪造漏洞。远程攻击者可利用该漏洞执行任意的JavaScript代码。

Severity

高

Patch Name

NPR Visuals Team Pym.js 跨站请求伪造漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://blog.apps.npr.org/2018/02/15/pym-security-vulnerability.html

Reference

http://blog.apps.npr.org/2018/02/15/pym-security-vulnerability.html

Impacted products

Name
NPR Visuals Team Pym.js >= 0.4.2，<=1.3.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1000086",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000086"
    }
  },
  "description": "NPR Visuals Team Pym.js\u662f\u4e00\u4e2a\u7528\u4e8e\u5728\u5bb9\u5668\u4e2d\u5d4c\u5165\u4ee3\u7801\u7684\u5de5\u5177\u3002\r\n\r\nNPR Visuals Team Pym.js 0.4.2\u7248\u672c\u81f31.3.1\u7248\u672c\u4e2d\u7684\u2018Pym.js _onNavigateToMessage\u2019\u51fd\u6570\u7684https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684JavaScript\u4ee3\u7801\u3002",
  "discovererName": "Unknow",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://blog.apps.npr.org/2018/02/15/pym-security-vulnerability.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-06882",
  "openTime": "2018-04-02",
  "patchDescription": "NPR Visuals Team Pym.js\u662f\u4e00\u4e2a\u7528\u4e8e\u5728\u5bb9\u5668\u4e2d\u5d4c\u5165\u4ee3\u7801\u7684\u5de5\u5177\u3002\r\n\r\nNPR Visuals Team Pym.js 0.4.2\u7248\u672c\u81f31.3.1\u7248\u672c\u4e2d\u7684\u2018Pym.js _onNavigateToMessage\u2019\u51fd\u6570\u7684https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684JavaScript\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NPR Visuals Team Pym.js \u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "NPR Visuals Team Pym.js \u003e= 0.4.2\uff0c\u003c=1.3.1"
  },
  "referenceLink": "http://blog.apps.npr.org/2018/02/15/pym-security-vulnerability.html",
  "serverity": "\u9ad8",
  "submitTime": "2018-03-27",
  "title": "NPR Visuals Team Pym.js\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2018-1000086 (GCVE-0-2018-1000086)

Vulnerability from cvelistv5 – Published: 2018-03-13 15:00 – Updated: 2024-08-05 12:33

Summary

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery (CSRF) vulnerability in Pym.js _onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 that can result in Arbitrary javascript code execution. This attack appear to be exploitable via Attacker gains full javascript access to pages with Pym.js embeds when user visits an attacker crafted page.. This vulnerability appears to have been fixed in versions 1.3.2 and later.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://blog.apps.npr.org/2018/02/15/pym-security-…	x_refsource_MISC
	https://github.com/nprapps/pym.js/issues/170	x_refsource_MISC
	https://github.com/nprapps/pym.js	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:33:49.162Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.apps.npr.org/2018/02/15/pym-security-vulnerability.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nprapps/pym.js/issues/170"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nprapps/pym.js"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-02-20T00:00:00",
      "datePublic": "2018-03-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery (CSRF) vulnerability in Pym.js _onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 that can result in Arbitrary javascript code execution. This attack appear to be exploitable via Attacker gains full javascript access to pages with Pym.js embeds when user visits an attacker crafted page.. This vulnerability appears to have been fixed in versions 1.3.2 and later."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-13T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.apps.npr.org/2018/02/15/pym-security-vulnerability.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nprapps/pym.js/issues/170"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nprapps/pym.js"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2/20/2018 9:05:59",
          "ID": "CVE-2018-1000086",
          "REQUESTER": "jelosua@npr.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery (CSRF) vulnerability in Pym.js _onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 that can result in Arbitrary javascript code execution. This attack appear to be exploitable via Attacker gains full javascript access to pages with Pym.js embeds when user visits an attacker crafted page.. This vulnerability appears to have been fixed in versions 1.3.2 and later."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blog.apps.npr.org/2018/02/15/pym-security-vulnerability.html",
              "refsource": "MISC",
              "url": "http://blog.apps.npr.org/2018/02/15/pym-security-vulnerability.html"
            },
            {
              "name": "https://github.com/nprapps/pym.js/issues/170",
              "refsource": "MISC",
              "url": "https://github.com/nprapps/pym.js/issues/170"
            },
            {
              "name": "https://github.com/nprapps/pym.js",
              "refsource": "MISC",
              "url": "https://github.com/nprapps/pym.js"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000086",
    "datePublished": "2018-03-13T15:00:00",
    "dateReserved": "2018-02-21T00:00:00",
    "dateUpdated": "2024-08-05T12:33:49.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-06882

CVE-2018-1000086 (GCVE-0-2018-1000086)

Tags

Sightings

Nomenclature