CVE-2023-25572 - OpenCVE

Vendors	Products
Marmelab	Ra-ui-materialui React-admin

Link	Resource
https://github.com/marmelab/react-admin/pull/8644	Exploit Patch
https://github.com/marmelab/react-admin/pull/8645	Patch
https://github.com/marmelab/react-admin/releases/tag/v3.19.12	Release Notes
https://github.com/marmelab/react-admin/releases/tag/v4.7.6	Release Notes
https://github.com/marmelab/react-admin/security/advisories/GHSA-5jcr-82fh-339v	Exploit Mitigation Vendor Advisory

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-25572", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-02-07T17:10:00.739Z", "datePublished": "2023-02-13T20:49:54.340Z", "dateUpdated": "2023-02-13T20:49:54.340Z"}, "containers": {"cna": {"title": "React-Admin vulnerable to Cross-Site-Scripting attack on `<RichTextField>`", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/marmelab/react-admin/security/advisories/GHSA-5jcr-82fh-339v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/marmelab/react-admin/security/advisories/GHSA-5jcr-82fh-339v"}, {"name": "https://github.com/marmelab/react-admin/pull/8644", "tags": ["x_refsource_MISC"], "url": "https://github.com/marmelab/react-admin/pull/8644"}, {"name": "https://github.com/marmelab/react-admin/pull/8645", "tags": ["x_refsource_MISC"], "url": "https://github.com/marmelab/react-admin/pull/8645"}, {"name": "https://github.com/marmelab/react-admin/releases/tag/v3.19.12", "tags": ["x_refsource_MISC"], "url": "https://github.com/marmelab/react-admin/releases/tag/v3.19.12"}, {"name": "https://github.com/marmelab/react-admin/releases/tag/v4.7.6", "tags": ["x_refsource_MISC"], "url": "https://github.com/marmelab/react-admin/releases/tag/v4.7.6"}], "affected": [{"vendor": "marmelab", "product": "react-admin", "versions": [{"version": "< 3.19.12", "status": "affected"}, {"version": ">= 4.0.0, < 4.7.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-02-13T20:49:54.340Z"}, "descriptions": [{"lang": "en", "value": "react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and using the `<RichTextField>` are affected. `<RichTextField>` outputs the field value using `dangerouslySetInnerHTML` without client-side sanitization. If the data isn't sanitized server-side, this opens a possible cross-site scripting (XSS) attack. Versions 3.19.12 and 4.7.6 now use `DOMPurify` to escape the HTML before outputting it with React and `dangerouslySetInnerHTML`. Users who already sanitize HTML data server-side do not need to upgrade. As a workaround, users may replace the `<RichTextField>` by a custom field doing sanitization by hand.\n"}], "source": {"advisory": "GHSA-5jcr-82fh-339v", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:marmelab:ra-ui-materialui:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "6E468540-8158-43F2-A7FF-72D9CE7CDE4B", "versionEndExcluding": "3.9.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:marmelab:ra-ui-materialui:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "8C52A15F-0B9F-4E15-AB29-16295BF42E0B", "versionEndExcluding": "4.7.6", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:marmelab:react-admin:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "FEC7A43C-5BEA-446D-AB0F-E56517457D26", "versionEndExcluding": "3.9.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:marmelab:react-admin:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "280466D9-681F-4DEB-B15E-EAB5B6AD4638", "versionEndExcluding": "4.7.6", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and using the `<RichTextField>` are affected. `<RichTextField>` outputs the field value using `dangerouslySetInnerHTML` without client-side sanitization. If the data isn't sanitized server-side, this opens a possible cross-site scripting (XSS) attack. Versions 3.19.12 and 4.7.6 now use `DOMPurify` to escape the HTML before outputting it with React and `dangerouslySetInnerHTML`. Users who already sanitize HTML data server-side do not need to upgrade. As a workaround, users may replace the `<RichTextField>` by a custom field doing sanitization by hand.\n"}], "id": "CVE-2023-25572", "lastModified": "2023-11-07T04:09:01.193", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-02-13T21:15:15.550", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Patch"], "url": "https://github.com/marmelab/react-admin/pull/8644"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/marmelab/react-admin/pull/8645"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/marmelab/react-admin/releases/tag/v3.19.12"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/marmelab/react-admin/releases/tag/v4.7.6"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/marmelab/react-admin/security/advisories/GHSA-5jcr-82fh-339v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

JSON object

JSON object

JSON object