← Volver a CVEs
CVE-2021-39175
HIGH8.1
Descripcion
HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading.
Detalles CVE
Puntuacion CVSS v3.18.1
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado8/30/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
hedgedoc:hedgedoc
Debilidades (CWE)
CWE-74CWE-346CWE-79
Referencias
https://github.com/hedgedoc/hedgedoc/pull/1369(security-advisories@github.com)
https://github.com/hedgedoc/hedgedoc/pull/1375(security-advisories@github.com)
https://github.com/hedgedoc/hedgedoc/pull/1513(security-advisories@github.com)
https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697(security-advisories@github.com)
https://github.com/hedgedoc/hedgedoc/pull/1369(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/hedgedoc/hedgedoc/pull/1375(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/hedgedoc/hedgedoc/pull/1513(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.