CVE-2022-36036 - Vulnerability Details - OpenCVE

mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Mdx-mermaid Project	Mdx-mermaid

Configuration 1 [-]

OR	cpe:2.3:a:mdx-mermaid_project:mdx-mermaid::::::node.js::*
	cpe:2.3:a:mdx-mermaid_project:mdx-mermaid:2.0.0:rc1::::node.js::*

No data.

References

Link	Providers
https://github.com/sjwall/mdx-mermaid/commit/f2b99386660fd13316823529c3f1314ebbcdfd2a
https://github.com/sjwall/mdx-mermaid/security/advisories/GHSA-rvgm-35jw-q628

History

Tue, 22 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-08-29T17:20:10.000Z

Updated: 2025-04-22T17:41:03.862Z

Reserved: 2022-07-15T00:00:00.000Z

Link: CVE-2022-36036

Vulnrichment

Updated: 2024-08-03T09:52:00.316Z

NVD

Status : Modified

Published: 2022-08-29T18:15:09.803

Modified: 2024-11-21T07:12:14.183

Link: CVE-2022-36036

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "mdx-mermaid", "vendor": "sjwall", "versions": [{"status": "affected", "version": "< 1.3.0"}, {"status": "affected", "version": "= 2.0.0-rc1"}]}], "descriptions": [{"lang": "en", "value": "mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-29T17:20:09.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sjwall/mdx-mermaid/security/advisories/GHSA-rvgm-35jw-q628"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sjwall/mdx-mermaid/commit/f2b99386660fd13316823529c3f1314ebbcdfd2a"}], "source": {"advisory": "GHSA-rvgm-35jw-q628", "discovery": "UNKNOWN"}, "title": "Improper Control of Generation of Code ('Code Injection') in mdx-mermaid", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36036", "STATE": "PUBLIC", "TITLE": "Improper Control of Generation of Code ('Code Injection') in mdx-mermaid"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "mdx-mermaid", "version": {"version_data": [{"version_value": "< 1.3.0"}, {"version_value": "= 2.0.0-rc1"}]}}]}, "vendor_name": "sjwall"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/sjwall/mdx-mermaid/security/advisories/GHSA-rvgm-35jw-q628", "refsource": "CONFIRM", "url": "https://github.com/sjwall/mdx-mermaid/security/advisories/GHSA-rvgm-35jw-q628"}, {"name": "https://github.com/sjwall/mdx-mermaid/commit/f2b99386660fd13316823529c3f1314ebbcdfd2a", "refsource": "MISC", "url": "https://github.com/sjwall/mdx-mermaid/commit/f2b99386660fd13316823529c3f1314ebbcdfd2a"}]}, "source": {"advisory": "GHSA-rvgm-35jw-q628", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:52:00.316Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/sjwall/mdx-mermaid/security/advisories/GHSA-rvgm-35jw-q628"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sjwall/mdx-mermaid/commit/f2b99386660fd13316823529c3f1314ebbcdfd2a"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-22T15:44:51.517210Z", "id": "CVE-2022-36036", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T17:41:03.862Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36036", "datePublished": "2022-08-29T17:20:10.000Z", "dateReserved": "2022-07-15T00:00:00.000Z", "dateUpdated": "2025-04-22T17:41:03.862Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/sjwall/mdx-mermaid/security/advisories/GHSA-rvgm-35jw-q628", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/sjwall/mdx-mermaid/commit/f2b99386660fd13316823529c3f1314ebbcdfd2a", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:52:00.316Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-36036", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-22T15:44:51.517210Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T15:44:53.776Z"}}], "cna": {"title": "Improper Control of Generation of Code ('Code Injection') in mdx-mermaid", "source": {"advisory": "GHSA-rvgm-35jw-q628", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.6, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "sjwall", "product": "mdx-mermaid", "versions": [{"status": "affected", "version": "< 1.3.0"}, {"status": "affected", "version": "= 2.0.0-rc1"}]}], "references": [{"url": "https://github.com/sjwall/mdx-mermaid/security/advisories/GHSA-rvgm-35jw-q628", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/sjwall/mdx-mermaid/commit/f2b99386660fd13316823529c3f1314ebbcdfd2a", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-08-29T17:20:09.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.6, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, "source": {"advisory": "GHSA-rvgm-35jw-q628", "discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "< 1.3.0"}, {"version_value": "= 2.0.0-rc1"}]}, "product_name": "mdx-mermaid"}]}, "vendor_name": "sjwall"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/sjwall/mdx-mermaid/security/advisories/GHSA-rvgm-35jw-q628", "name": "https://github.com/sjwall/mdx-mermaid/security/advisories/GHSA-rvgm-35jw-q628", "refsource": "CONFIRM"}, {"url": "https://github.com/sjwall/mdx-mermaid/commit/f2b99386660fd13316823529c3f1314ebbcdfd2a", "name": "https://github.com/sjwall/mdx-mermaid/commit/f2b99386660fd13316823529c3f1314ebbcdfd2a", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-36036", "STATE": "PUBLIC", "TITLE": "Improper Control of Generation of Code ('Code Injection') in mdx-mermaid", "ASSIGNER": "security-advisories@github.com"}}}}, "cveMetadata": {"cveId": "CVE-2022-36036", "state": "PUBLISHED", "dateUpdated": "2025-04-22T17:41:03.862Z", "dateReserved": "2022-07-15T00:00:00.000Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2022-08-29T17:20:10.000Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mdx-mermaid_project:mdx-mermaid:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "EAACA527-0571-4D6F-B8A5-BB7894496B0B", "versionEndExcluding": "1.3.0", "versionStartIncluding": "0.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mdx-mermaid_project:mdx-mermaid:2.0.0:rc1:*:*:*:node.js:*:*", "matchCriteriaId": "1272C1E9-F4A5-4D37-B873-C38A103C93A7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds."}, {"lang": "es", "value": "mdx-mermaid proporciona acceso plug and play a Mermaid en MDX. Se presenta la posibilidad de una inyecci\u00f3n arbitraria de javascript en versiones inferiores a 1.3.0 y 2.0.0-rc1. Modificar cualquier bloque de c\u00f3digo de Mermaid con c\u00f3digo arbitrario y ser\u00e1 ejecutado cuando el componente sea cargado por MDXjs. Esta vulnerabilidad fue parcheada en versiones 1.3.0 y 2.0.0-rc2. Actualmente no se presentan mitigaciones conocidas"}], "id": "CVE-2022-36036", "lastModified": "2024-11-21T07:12:14.183", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-29T18:15:09.803", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sjwall/mdx-mermaid/commit/f2b99386660fd13316823529c3f1314ebbcdfd2a"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/sjwall/mdx-mermaid/security/advisories/GHSA-rvgm-35jw-q628"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sjwall/mdx-mermaid/commit/f2b99386660fd13316823529c3f1314ebbcdfd2a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/sjwall/mdx-mermaid/security/advisories/GHSA-rvgm-35jw-q628"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Secondary"}]}