CVE-2021-43861

Date: December 30, 2021

Mermaid is a JavaScript-based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run JavaScript code on diagram readers' machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgrading.

Language: JS

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Improper Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version:
mediawiki/mermaid - dev-dependabot/npm_and_yarn/minimist-1.2.6
mediawiki/mermaid - 3.0.0
mediawiki/mermaid - dev-paladox-patch-2
mediawiki/mermaid - dev-paladox-patch-1
soluble/mediatools - no_fix
soluble/mediatools - 0.1.0
soluble/mediatools - dev-feat/mkdocs-5
noisywinds/laravel-smartmd - v1.0.1
GrazeDocs - no_fix
zxc5802316/larabbs - no_fix
imbSCI.Reporting.Standard - 0.3.25
senasgr-eth/laravel-kodexplorer - no_fix
terrylinooo/wp-mermaid - 1.0.2
soluble/japha - 2.1.0
soluble/japha - dev-pre5.6_0.13.0
soluble/japha - 0.9.2
MermaidJS.Blazor - no_fix
MermaidJS.Blazor - 1.1.0-preview.12
Wyam.Docs.Samson - 2.1.3
Wyam.Docs.Samson - 2.2.5
PSC.Blazor.Components.MarkdownEditor - 8.0.2
salsa - no_fix
cargo - 1.57.0
cargo - no_fix
mermaid - 8.13.8
avzer/cherry-markdown - 0.9.0
polkadot - 21.1.0
libstd-rs - 1.57.0
terrylinooo/githuber-md - 1.16.0
terrylinooo/githuber-md - dev-fix-security-issue-20231209
StardustDL.RazorComponents.Markdown - no_fix
soarce/application - 0.1.0
jaxson-wang/wp-editor.md - v10.1.1
tianfuunion/mark-explorer - no_fix
org.webjars.npm:mermaid:8.4.5
org.webjars.npm:mermaid:8.13.8
io.quarkus:quarkus-vertx-http-deployment:2.8.0.CR1
io.quarkus:quarkus-vertx-http-deployment:2.7.6.Final
io.quarkus:quarkus-vertx-http-deployment:2.7.7.Final
org.webjars.npm:github-com-knsv-mermaid:no_fix
org.webjars.bower:mermaid:8.2.1

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): SINGLE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:
