CVE-2024-38527 - Vulnerability Details

Link	Providers
https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c
https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38527", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-06-18T16:37:02.728Z", "datePublished": "2024-06-26T19:33:46.575Z", "dateUpdated": "2024-08-02T04:12:25.179Z"}, "containers": {"cna": {"title": "Cross-site Scripting in ZenUML", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h"}, {"name": "https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c", "tags": ["x_refsource_MISC"], "url": "https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c"}], "affected": [{"vendor": "mermaid-js", "product": "zenuml-core", "versions": [{"version": "< 3.23.25", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-26T19:33:46.575Z"}, "descriptions": [{"lang": "en", "value": "ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdown features, such as `**` for bolded text. However, the markdown text is currently not sanitized before rendering, allowing an attacker to enter a malicious payload for the comment which leads to XSS. This puts existing applications that use ZenUML unsandboxed at risk of arbitrary JavaScript execution when rendering user-controlled diagrams. This vulnerability was patched in version 3.23.25,"}], "source": {"advisory": "GHSA-q6xv-jm4v-349h", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "mermaidjs", "product": "zenuml-core", "cpes": ["cpe:2.3:a:mermaidjs:zenuml-core:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.0.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-27T19:02:31.612648Z", "id": "CVE-2024-38527", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-27T19:04:37.531Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.179Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h"}, {"name": "https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h", "name": "https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c", "name": "https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.179Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38527", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-27T19:02:31.612648Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mermaidjs:zenuml-core:*:*:*:*:*:*:*:*"], "vendor": "mermaidjs", "product": "zenuml-core", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.0.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-27T19:04:29.231Z"}}], "cna": {"title": "Cross-site Scripting in ZenUML", "source": {"advisory": "GHSA-q6xv-jm4v-349h", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "mermaid-js", "product": "zenuml-core", "versions": [{"status": "affected", "version": "< 3.23.25"}]}], "references": [{"url": "https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h", "name": "https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c", "name": "https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdown features, such as `**` for bolded text. However, the markdown text is currently not sanitized before rendering, allowing an attacker to enter a malicious payload for the comment which leads to XSS. This puts existing applications that use ZenUML unsandboxed at risk of arbitrary JavaScript execution when rendering user-controlled diagrams. This vulnerability was patched in version 3.23.25,"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-26T19:33:46.575Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38527", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:12:25.179Z", "dateReserved": "2024-06-18T16:37:02.728Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-06-26T19:33:46.575Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdown features, such as `**` for bolded text. However, the markdown text is currently not sanitized before rendering, allowing an attacker to enter a malicious payload for the comment which leads to XSS. This puts existing applications that use ZenUML unsandboxed at risk of arbitrary JavaScript execution when rendering user-controlled diagrams. This vulnerability was patched in version 3.23.25,"}, {"lang": "es", "value": "ZenUML es una herramienta de diagramaci\u00f3n basada en JavaScript que no requiere servidor y utiliza definiciones de texto inspiradas en Markdown y un renderizador para crear y modificar diagramas de secuencia. Los comentarios basados en Markdown en la sintaxis del diagrama ZenUML son susceptibles a Cross-site Scripting (XSS). La funci\u00f3n de comentarios permite al usuario adjuntar peque\u00f1as notas como referencia. Esta funci\u00f3n permite al usuario ingresar su comentario en un comentario de markdown, lo que le permite utilizar funciones de markdown comunes, como `**` para texto en negrita. Sin embargo, el texto de markdown actualmente no se sanitiza antes de renderizarlo, lo que permite a un atacante ingresar un payload malicioso para el comentario que conduce a XSS. Esto pone a las aplicaciones existentes que usan ZenUML sin sandbox en riesgo de ejecuci\u00f3n arbitraria de JavaScript al representar diagramas controlados por el usuario. Esta vulnerabilidad fue parcheada en la versi\u00f3n 3.23.25,"}], "id": "CVE-2024-38527", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-06-26T20:15:16.020", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c"}, {"source": "security-advisories@github.com", "url": "https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object