CVE-2019-20374

A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML sanitization. Given that the application is based on the Electron framework, the XSS leads to remote code execution in an unsandboxed environment.

CVSS v3 9.6 CRITICAL
CVSS v2.0 6.8 MEDIUM

9.6^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/cure53/DOMPurify/commit/4e8af7b2c4a159b683d317e02c5cbddb86dc4a0e	Patch Third Party Advisory
https://github.com/typora/typora-issues/issues/3124	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:typora:typora:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:typora:typora:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

History

08 Sep 2021, 17:22

Type	Values Removed	Values Added
CPE	cpe:2.3:o:apple:mac_os:-:::::::*	cpe:2.3:o:apple:macos:-:::::::*

Information

Published : 2020-01-09 23:15

Updated : 2024-02-04 20:39

NVD link : CVE-2019-20374

Mitre link : CVE-2019-20374

CVE.ORG link : CVE-2019-20374

JSON object : View

Products Affected

apple

macos

linux

linux_kernel

typora

typora

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2019-20374", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.6}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}]}, "published": "2020-01-09T23:15:10.367", "references": [{"url": "https://github.com/cure53/DOMPurify/commit/4e8af7b2c4a159b683d317e02c5cbddb86dc4a0e", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/typora/typora-issues/issues/3124", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML sanitization. Given that the application is based on the Electron framework, the XSS leads to remote code execution in an unsandboxed environment."}, {"lang": "es", "value": "Un problema de mutaci\u00f3n de tipo cross-site scripting (XSS) en Typora versiones hasta 0.9.9.31.2 en macOS y versiones hasta 0.9.81 en Linux, conlleva a una Ejecuci\u00f3n de C\u00f3digo Remota por medio de bloques de c\u00f3digo de Mermaid. Para explotar esta vulnerabilidad, uno necesita abrir un archivo en Typora. La vulnerabilidad de tipo XSS es entonces desencadenada debido al saneamiento inapropiado de HTML. Dado que la aplicaci\u00f3n es basada en el framework Electron, la vulnerabilidad de tipo XSS conlleva a una ejecuci\u00f3n de c\u00f3digo remota en un entorno sin sandbox."}], "lastModified": "2021-09-08T17:22:35.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:typora:typora:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E150220E-EC72-4C16-A3A7-B22F8092F693", "versionEndIncluding": "0.9.81"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:typora:typora:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFE9D2EA-01B2-461D-B227-1566D882C4C1", "versionEndIncluding": "0.9.9.31.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}