CVE-2024-10491
Cross-site Scripting (XSS) vulnerability in express (npm)
What is CVE-2024-10491 About?
This Cross-site Scripting (XSS) vulnerability exists in 'markdown-to-jsx' versions prior to 7.4.0 due to improper input sanitization of the 'src' property. An attacker can inject malicious HTML, specifically an 'iframe' element, to execute arbitrary code. Exploitation is relatively straightforward given the lack of sanitization.
Affected Software
Technical Details
The vulnerability stems from insufficient input sanitization in 'markdown-to-jsx' when processing the 'src' property. Specifically, if a user provides Markdown input that includes an 'iframe' element with a malicious 'src' attribute, the 'markdown-to-jsx' parser fails to properly sanitize or escape this input. As a result, when the Markdown is rendered, the browser executes the content specified in the malicious 'iframe src', leading to arbitrary code execution in the context of the user's browser. This is a client-side vulnerability where the attacker controls the input rendered by the vulnerable library.
What is the Impact of CVE-2024-10491?
Successful exploitation may allow attackers to steal session cookies, deface web pages, redirect users to malicious sites, or perform actions on behalf of the victim.
What is the Exploitability of CVE-2024-10491?
Exploitation involves injecting a specially crafted Markdown string containing a malicious 'iframe' element. The complexity is low, as it relies on the library's failure to sanitize specific input attributes. No authentication or specific privileges are typically required beyond the ability to submit content that will be processed by the vulnerable 'markdown-to-jsx' library. This is a client-side attack, meaning the attacker provides the payload that the user's browser renders, making it a remote exploitation scenario. The risk is heightened in applications that allow untrusted users to provide Markdown content.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2024-10491?
Available Upgrade Options
- express
  - <4.0.0-rc1 → Upgrade to 4.0.0-rc1
Additional Resources
- https://github.com/expressjs/express/issues/6222
- https://www.herodevs.com/vulnerability-directory/cve-2024-10491
- https://nvd.nist.gov/vuln/detail/CVE-2024-10491
- https://github.com/expressjs/express
- https://osv.dev/vulnerability/GHSA-cm5g-3pgc-8rg4
What are Similar Vulnerabilities to CVE-2024-10491?
Similar Vulnerabilities: CVE-2023-49272, CVE-2023-49271, CVE-2023-49273, CVE-2023-49270, CVE-2023-49269
