CVE-2017-1000427
XSS vulnerability in marked (npm)
What is CVE-2017-1000427 About?
This is an XSS vulnerability in the `marked` library, specifically within its `data:` URI parser. Successful exploitation allows for the execution of arbitrary script code in the victim's browser, potentially leading to session hijacking or data theft, and is relatively easy to exploit with crafted input.
Affected Software
Technical Details
The vulnerability exists in marked version 0.3.6 and earlier, impacting its data: URI parser. When processing markdown content, if a data: URI is malformed or crafted in a specific way, the parser fails to properly sanitize or validate the content within the URI. This allows an attacker to inject malicious script code into the rendered output, which is then executed in the context of the user's browser when the markdown is displayed. This bypasses typical content security mechanisms due to the trust placed in data: URIs during parsing.
What is the Impact of CVE-2017-1000427?
Successful exploitation may allow attackers to execute arbitrary client-side scripts, deface web pages, steal sensitive user data, or hijack user sessions.
What is the Exploitability of CVE-2017-1000427?
Exploitation requires an attacker to inject crafted input containing a malicious data: URI into an application that uses the vulnerable marked library to render markdown. This is a client-side vulnerability, meaning the victim's browser executes the malicious script. The complexity is relatively low as it primarily involves string manipulation in the input. No authentication or specific privileges are required on the target server, as the vulnerability is triggered by user-supplied content. The execution is local to the victim's browser. Risk factors include applications that accept and render untrusted markdown content, making user input validation crucial.
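As an added example (not code from marked or from this advisory), the input validation mentioned above can be written as a scheme allowlist applied to markdown link destinations before rendering. The function names, the allowlist and the sample document are assumptions constructed for illustration, and the check covers inline and reference-style destinations only.

```javascript
// Added example: scheme allowlist for link/image destinations in untrusted markdown.
// All names here are hypothetical; none of this is marked's API.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']); // assumed policy

const fromCode = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '');

// Decode character references that a browser would resolve inside an attribute.
function decodeEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => fromCode(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => fromCode(parseInt(d, 10)))
    .replace(/&colon;/gi, ':')
    .replace(/&(tab|newline);/gi, '');
}

// Scheme after normalisation; '' means a relative URL (no scheme present).
function schemeOf(dest) {
  const cleaned = decodeEntities(dest).replace(/[\u0000-\u0020\u007f]/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return m ? m[1].toLowerCase() : '';
}

function isSafeDestination(dest) {
  const scheme = schemeOf(dest);
  return scheme === '' || ALLOWED_SCHEMES.has(scheme);
}

const DEST_PATTERNS = [
  /!?\[[^\]]*\]\(\s*<?([^)\s>]+)/g,     // [text](dest) and ![alt](dest)
  /^ {0,3}\[[^\]]+\]:\s*<?([^\s>]+)/gm, // [id]: dest
];

// Returns every destination whose scheme is outside the allowlist.
function auditMarkdown(md) {
  const findings = [];
  for (const re of DEST_PATTERNS) {
    for (const m of md.matchAll(re)) {
      if (!isSafeDestination(m[1])) findings.push({ dest: m[1], scheme: schemeOf(m[1]) });
    }
  }
  return findings;
}

// Constructed sample input; PLACEHOLDER stands in for any URI body.
const SAMPLE = [
  '[docs](https://example.com/guide)',
  '[relative](/help/page#top)',
  '[inline](data:text/html;base64,PLACEHOLDER)',
  '![img](DATA&#58;image/svg+xml,PLACEHOLDER)',
  '[ref]: &#x64;ata:text/plain,PLACEHOLDER',
].join('\n');
```

Upgrading to 0.3.7 remains the fix; a check like this is a second layer for applications that render untrusted markdown.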
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2017-1000427?
Available Upgrade Options
- marked
- <0.3.7 → Upgrade to 0.3.7
Additional Resources
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6BJG6RGDH7ZWVVAUFBFI5L32RSMQN2S
- https://snyk.io/vuln/npm:marked:20170112
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO2RMVVZVV6NFTU46B5RYRK7ZCXYARZS
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000427
- https://github.com/markedjs/marked
- https://osv.dev/vulnerability/GHSA-7px7-7xjx-hxm8
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6BJG6RGDH7ZWVVAUFBFI5L32RSMQN2S/
- https://github.com/advisories/GHSA-7px7-7xjx-hxm8
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO2RMVVZVV6NFTU46B5RYRK7ZCXYARZS/
What are Similar Vulnerabilities to CVE-2017-1000427?
Similar Vulnerabilities: CVE-2019-1000007, CVE-2017-11100, CVE-2016-10738, CVE-2018-1000010, CVE-2017-15091
