CVE-2022-25863 - Vulnerability Details - OpenCVE

The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00676.

Key SSVC decision points have not yet been added.

Vendors	Products
Gatsbyjs	Gatsby

Configuration 1 [-]

OR	cpe:2.3:a:gatsbyjs:gatsby::::::node.js::*
	cpe:2.3:a:gatsbyjs:gatsby::::::node.js::*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing
https://github.com/gatsbyjs/gatsby/pull/35830
https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e
https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2022-06-10T20:00:19.275131Z

Updated: 2024-09-17T00:31:34.621Z

Reserved: 2022-02-24T00:00:00

Link: CVE-2022-25863

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-06-10T20:15:08.227

Modified: 2024-11-21T06:53:08.003

Link: CVE-2022-25863

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "gatsby-plugin-mdx", "vendor": "n/a", "versions": [{"lessThan": "2.14.1", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "3.0.0", "versionType": "custom"}, {"lessThan": "3.15.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Feng Xiao and Zhongfu Su"}], "datePublic": "2022-06-10T00:00:00", "descriptions": [{"lang": "en", "value": "The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.7, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Deserialization of Untrusted Data", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-10T20:00:19", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699"}, {"tags": ["x_refsource_MISC"], "url": "https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/gatsbyjs/gatsby/pull/35830"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e"}], "title": "Deserialization of Untrusted Data", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2022-06-10T20:00:07.103333Z", "ID": "CVE-2022-25863", "STATE": "PUBLIC", "TITLE": "Deserialization of Untrusted Data"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "gatsby-plugin-mdx", "version": {"version_data": [{"version_affected": "<", "version_value": "2.14.1"}, {"version_affected": ">=", "version_value": "3.0.0"}, {"version_affected": "<", "version_value": "3.15.2"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Feng Xiao and Zhongfu Su"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Deserialization of Untrusted Data"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699"}, {"name": "https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing", "refsource": "MISC", "url": "https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing"}, {"name": "https://github.com/gatsbyjs/gatsby/pull/35830", "refsource": "MISC", "url": "https://github.com/gatsbyjs/gatsby/pull/35830"}, {"name": "https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e", "refsource": "MISC", "url": "https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:49:44.144Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gatsbyjs/gatsby/pull/35830"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2022-25863", "datePublished": "2022-06-10T20:00:19.275131Z", "dateReserved": "2022-02-24T00:00:00", "dateUpdated": "2024-09-17T00:31:34.621Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gatsbyjs:gatsby:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "99A9A537-8856-4B7E-A166-3A3D22893854", "versionEndExcluding": "2.14.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gatsbyjs:gatsby:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "87A183A9-82D6-47A9-937D-5A16291CF859", "versionEndExcluding": "3.15.2", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing."}, {"lang": "es", "value": "El paquete gatsby-plugin-mdx versiones anteriores a 2.14.1, a partir de la 3.0.0 y anteriores a 3.15.2, es vulnerable a una Deserializaci\u00f3n de Datos No Confiables cuando es pasada la entrada mediante el paquete gray-matter, debido a sus configuraciones por defecto que carecen de saneo de entrada. La explotaci\u00f3n de esta vulnerabilidad es posible cuando es pasada la entrada tanto en modo webpack (archivos MDX en src/pages o archivo MDX importado como componente en c\u00f3digo frontend / React) como en modo datos (consulta de nodos MDX por medio de GraphQL). Mitigaci\u00f3n: Si es debido usar una versi\u00f3n anterior de gatsby-plugin-mdx, la entrada que es pasada al plugin debe ser saneada antes del procesamiento"}], "id": "CVE-2022-25863", "lastModified": "2024-11-21T06:53:08.003", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "report@snyk.io", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-10T20:15:08.227", "references": [{"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing"}, {"source": "report@snyk.io", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/gatsbyjs/gatsby/pull/35830"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/gatsbyjs/gatsby/pull/35830"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}