CVE-2022-48345
XSS vulnerability in sanitize-url (npm)

XSS No known exploit

What is CVE-2022-48345 About?

The `sanitize-url` package (aka `@braintree/sanitize-url`) before version 6.0.1 is vulnerable to Cross-Site Scripting (XSS) via HTML entities. This allows attackers to bypass sanitization and execute arbitrary scripts, leading to potential data compromise or unauthorized actions. Exploitation involves crafting specific inputs that leverage HTML entity encoding to evade security checks.

Affected Software

@braintree/sanitize-url <6.0.1

Technical Details

The sanitize-url utility is designed to prevent malicious URLs from being used by stripping or transforming unsafe schemes and content. However, before version 6.0.1, the component failed to properly handle HTML entities. An attacker could embed malicious JavaScript code within a URL, encoding parts of it using HTML entities (e.g., &#x3C;script&#x3E;). When this malformed, but seemingly sanitized, URL was processed and eventually interpreted by a browser or an application component that decodes HTML entities, the embedded script would execute. This bypasses the intended sanitization, leading to an XSS payload delivery.
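The defensive ordering this bug illustrates is decode first, validate second. The following is an added example written for this page, not the sanitize-url library's own code: it decodes numeric HTML entities (decimal and hex, with or without a trailing semicolon, and one level of `&amp;` nesting), strips the tab, newline and leading control characters that browsers ignore in a URL, and only then compares the scheme against an allowlist. The `SAFE_SCHEMES` set, the round bound and the `about:blank` fallback are assumptions chosen for the example.

```javascript
// Added example, not the library's implementation: normalize HTML entities
// before checking the URL scheme, so an entity-encoded scheme cannot slip past.
const SAFE_SCHEMES = new Set(["http", "https", "mailto", "tel"]); // assumed allowlist
const MAX_DECODE_ROUNDS = 3; // bound for nested entities such as &amp;#106;

// Decode numeric HTML entities: &#106; / &#x6A; (case-insensitive, ';' optional).
function decodeNumericEntities(s) {
  return s.replace(/&#(x[0-9a-f]+|\d+);?/gi, (match, code) => {
    const cp = code[0].toLowerCase() === "x"
      ? parseInt(code.slice(1), 16)
      : parseInt(code, 10);
    // Drop anything outside the Unicode range instead of throwing.
    return Number.isFinite(cp) && cp <= 0x10ffff ? String.fromCodePoint(cp) : "";
  });
}

// Repeat decoding a bounded number of times so &amp;#106; also resolves,
// then remove characters a browser's URL parser would silently ignore.
function normalizeUrl(url) {
  let out = String(url);
  for (let i = 0; i < MAX_DECODE_ROUNDS; i++) {
    const next = decodeNumericEntities(out.replace(/&amp;/gi, "&"));
    if (next === out) break;
    out = next;
  }
  return out
    .replace(/[\t\n\r]/g, "")                         // stripped anywhere in a URL
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, ""); // leading/trailing C0 + space
}

// Returns the normalized URL if its scheme is allowed (or it is relative),
// otherwise a harmless fallback. The check runs on the *decoded* form.
function sanitizeUrl(url) {
  const normalized = normalizeUrl(url);
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(normalized);
  if (!scheme) return normalized; // relative URL, nothing to allowlist
  return SAFE_SCHEMES.has(scheme[1].toLowerCase()) ? normalized : "about:blank";
}
```

Because validation happens after decoding, the entity-encoded input the advisory describes is rejected on the same path as its plain-text form, which is the property a test suite for this kind of sanitizer should assert.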

What is the Impact of CVE-2022-48345?

Successful exploitation may allow attackers to execute arbitrary scripts in the victim's browser, hijack user sessions, deface web content, or redirect users to malicious sites.

What is the Exploitability of CVE-2022-48345?

Exploiting this XSS vulnerability requires an attacker to provide a specially crafted input that utilizes HTML entities to embed malicious script within a URL. The complexity is moderate, as it relies on understanding how the sanitize-url library processes and unescapes inputs. No authentication is typically required on the attacker's part to submit such input to an application that uses the vulnerable library. The exploitation is remote, as the crafted URL is delivered to the victim's browser or an application component that subsequently renders it. Special conditions involve the application rendering URLs processed by the vulnerable sanitize-url library. The risk factor increases if external, untrusted input frequently passes through this sanitization mechanism before being rendered on web pages.

What are the Known Public Exploits?

No known public exploits.

What are the Available Fixes for CVE-2022-48345?

Available Upgrade Options

  • @braintree/sanitize-url
    • <6.0.1 → Upgrade to 6.0.1


Additional Resources

What are Similar Vulnerabilities to CVE-2022-48345?

Similar Vulnerabilities: CVE-2021-23648, CVE-2022-23461, CVE-2023-28435, CVE-2023-38406, CVE-2023-45136