CVE-2021-43861
Good to know:


Date: December 30, 2021
Mermaid is a JavaScript-based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run JavaScript code on diagram readers' machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgrading.
Language: JS
Top Fix

Upgrade Version
Upgrade to version mediawiki/mermaid - dev-dependabot/npm_and_yarn/minimist-1.2.6; mediawiki/mermaid - 3.0.0; mediawiki/mermaid - dev-paladox-patch-2; mediawiki/mermaid - dev-paladox-patch-1; soluble/mediatools - no_fix; soluble/mediatools - 0.1.0; soluble/mediatools - dev-feat/mkdocs-5; noisywinds/laravel-smartmd - v1.0.1; GrazeDocs - no_fix; zxc5802316/larabbs - no_fix; imbSCI.Reporting.Standard - 0.3.25; senasgr-eth/laravel-kodexplorer - no_fix; terrylinooo/wp-mermaid - 1.0.2; soluble/japha - 2.1.0; soluble/japha - dev-pre5.6_0.13.0; soluble/japha - 0.9.2; MermaidJS.Blazor - no_fix; MermaidJS.Blazor - 1.1.0-preview.12; Wyam.Docs.Samson - 2.1.3; Wyam.Docs.Samson - 2.2.5; PSC.Blazor.Components.MarkdownEditor - 8.0.2; salsa - no_fix; cargo - 1.57.0; cargo - no_fix; mermaid - 8.13.8; avzer/cherry-markdown - 0.9.0; polkadot - 21.1.0; libstd-rs - 1.57.0; terrylinooo/githuber-md - 1.16.0; terrylinooo/githuber-md - dev-fix-security-issue-20231209; StardustDL.RazorComponents.Markdown - no_fix; soarce/application - 0.1.0; jaxson-wang/wp-editor.md - v10.1.1; tianfuunion/mark-explorer - no_fix; org.webjars.npm:mermaid:8.4.5; org.webjars.npm:mermaid:8.13.8; io.quarkus:quarkus-vertx-http-deployment:2.8.0.CR1; io.quarkus:quarkus-vertx-http-deployment:2.7.6.Final; io.quarkus:quarkus-vertx-http-deployment:2.7.7.Final; org.webjars.npm:github-com-knsv-mermaid:no_fix; org.webjars.bower:mermaid:8.2.1
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | HIGH |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |
CVSS v2
Base Score: | |
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | SINGLE |
Confidentiality (C): | NONE |
Integrity (I): | PARTIAL |
Availability (A): | NONE |
Additional information: |