Vulnerability-Lookup

CNVD-2020-64593

Vulnerability from cnvd - Published: 2020-11-19

Title

osm-static-maps代码注入漏洞

Description

osm-static-maps是个人开发者的一个类似于谷歌静态地图的Npm库。 osm-static-maps 所有版本存在注入漏洞，该漏洞提供给程序包的用户输入将直接传递到模板，而未能转义。攻击者可利用该漏洞注入任意HTML/JS代码。它会在页面上以HTML格式输出，这为XSS提供了机会，也可以在服务器（操纵up）上呈现，这也为SSRF和本地文件读取提供了机会。

Severity

中

Patch Name

osm-static-maps代码注入漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/jperelli/osm-static-maps/pull/24

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-7749

Impacted products

Name
osm-static-maps osm-static-maps

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-7749",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-7749"
    }
  },
  "description": "osm-static-maps\u662f\u4e2a\u4eba\u5f00\u53d1\u8005\u7684\u4e00\u4e2a\u7c7b\u4f3c\u4e8e\u8c37\u6b4c\u9759\u6001\u5730\u56fe\u7684Npm\u5e93\u3002\n\nosm-static-maps \u6240\u6709\u7248\u672c\u5b58\u5728\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u63d0\u4f9b\u7ed9\u7a0b\u5e8f\u5305\u7684\u7528\u6237\u8f93\u5165\u5c06\u76f4\u63a5\u4f20\u9012\u5230\u6a21\u677f\uff0c\u800c\u672a\u80fd\u8f6c\u4e49\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610fHTML/JS\u4ee3\u7801\u3002\u5b83\u4f1a\u5728\u9875\u9762\u4e0a\u4ee5HTML\u683c\u5f0f\u8f93\u51fa\uff0c\u8fd9\u4e3aXSS\u63d0\u4f9b\u4e86\u673a\u4f1a\uff0c\u4e5f\u53ef\u4ee5\u5728\u670d\u52a1\u5668\uff08\u64cd\u7eb5up\uff09\u4e0a\u5448\u73b0\uff0c\u8fd9\u4e5f\u4e3aSSRF\u548c\u672c\u5730\u6587\u4ef6\u8bfb\u53d6\u63d0\u4f9b\u4e86\u673a\u4f1a\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/jperelli/osm-static-maps/pull/24",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-64593",
  "openTime": "2020-11-19",
  "patchDescription": "osm-static-maps\u662f\u4e2a\u4eba\u5f00\u53d1\u8005\u7684\u4e00\u4e2a\u7c7b\u4f3c\u4e8e\u8c37\u6b4c\u9759\u6001\u5730\u56fe\u7684Npm\u5e93\u3002\r\n\r\nosm-static-maps \u6240\u6709\u7248\u672c\u5b58\u5728\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u63d0\u4f9b\u7ed9\u7a0b\u5e8f\u5305\u7684\u7528\u6237\u8f93\u5165\u5c06\u76f4\u63a5\u4f20\u9012\u5230\u6a21\u677f\uff0c\u800c\u672a\u80fd\u8f6c\u4e49\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610fHTML/JS\u4ee3\u7801\u3002\u5b83\u4f1a\u5728\u9875\u9762\u4e0a\u4ee5HTML\u683c\u5f0f\u8f93\u51fa\uff0c\u8fd9\u4e3aXSS\u63d0\u4f9b\u4e86\u673a\u4f1a\uff0c\u4e5f\u53ef\u4ee5\u5728\u670d\u52a1\u5668\uff08\u64cd\u7eb5up\uff09\u4e0a\u5448\u73b0\uff0c\u8fd9\u4e5f\u4e3aSSRF\u548c\u672c\u5730\u6587\u4ef6\u8bfb\u53d6\u63d0\u4f9b\u4e86\u673a\u4f1a\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "osm-static-maps\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "osm-static-maps osm-static-maps"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-7749",
  "serverity": "\u4e2d",
  "submitTime": "2020-10-22",
  "title": "osm-static-maps\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2020-7749 (GCVE-0-2020-7749)

Vulnerability from cvelistv5 – Published: 2020-10-20 10:25 – Updated: 2024-09-16 16:28

Title

Server-side Request Forgery (SSRF)

Summary

This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page which gives opportunity for XSS or rendered on the server (puppeteer) which also gives opportunity for SSRF and Local File Read.

Severity ?

7.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:R

CWE

Server-side Request Forgery (SSRF)

Assigner

snyk

References

URL

Tags

	https://snyk.io/vuln/SNYK-JS-OSMSTATICMAPS-609637	x_refsource_MISC
	https://github.com/jperelli/osm-static-maps/blob/…	x_refsource_MISC
	https://github.com/jperelli/osm-static-maps/pull/24	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	osm-static-maps	Affected: 0 , < unspecified (custom)

Credits

Vasilii Ermilov

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:41:01.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JS-OSMSTATICMAPS-609637"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/jperelli/osm-static-maps/blob/master/src/template.html%23L142"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/jperelli/osm-static-maps/pull/24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "osm-static-maps",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Vasilii Ermilov"
        }
      ],
      "datePublic": "2020-10-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page which gives opportunity for XSS or rendered on the server (puppeteer) which also gives opportunity for SSRF and Local File Read."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "REASONABLE",
            "scope": "UNCHANGED",
            "temporalScore": 6.4,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:R",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Server-side Request Forgery (SSRF)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T10:25:26",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/vuln/SNYK-JS-OSMSTATICMAPS-609637"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/jperelli/osm-static-maps/blob/master/src/template.html%23L142"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/jperelli/osm-static-maps/pull/24"
        }
      ],
      "title": "Server-side Request Forgery (SSRF)",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "report@snyk.io",
          "DATE_PUBLIC": "2020-10-20T10:20:24.998257Z",
          "ID": "CVE-2020-7749",
          "STATE": "PUBLIC",
          "TITLE": "Server-side Request Forgery (SSRF)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "osm-static-maps",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Vasilii Ermilov"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page which gives opportunity for XSS or rendered on the server (puppeteer) which also gives opportunity for SSRF and Local File Read."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:R",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Server-side Request Forgery (SSRF)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://snyk.io/vuln/SNYK-JS-OSMSTATICMAPS-609637",
              "refsource": "MISC",
              "url": "https://snyk.io/vuln/SNYK-JS-OSMSTATICMAPS-609637"
            },
            {
              "name": "https://github.com/jperelli/osm-static-maps/blob/master/src/template.html%23L142",
              "refsource": "MISC",
              "url": "https://github.com/jperelli/osm-static-maps/blob/master/src/template.html%23L142"
            },
            {
              "name": "https://github.com/jperelli/osm-static-maps/pull/24",
              "refsource": "MISC",
              "url": "https://github.com/jperelli/osm-static-maps/pull/24"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2020-7749",
    "datePublished": "2020-10-20T10:25:26.929315Z",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-09-16T16:28:47.401Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-64593

CVE-2020-7749 (GCVE-0-2020-7749)

Tags

Sightings

Nomenclature