Vulnerability-Lookup

CNVD-2021-47372

Vulnerability from cnvd - Published: 2021-07-05

Title

Haml跨站脚本漏洞（CNVD-2021-47372）

Description

haml是Haml（HAML）团队的一款开源的HTML抽象标记语言。 haml-coffee存在跨站脚本漏洞，haml-coffee支持通过其配置选项覆盖一系列HTML助手函数。通过模板配置污染对escapeHtml参数的控制确保了haml-coffee不会清除可能导致Cross Si的模板输入。目前没有详细的漏洞细节提供。

Severity

低

Patch Name

Haml跨站脚本漏洞（CNVD-2021-47372）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://securitylab.github.com/advisories/GHSL-2021-025-haml-coffee/

Reference

https://securitylab.github.com/advisories/GHSL-2021-025-haml-coffee/

Impacted products

Name
Haml haml

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-32818",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-32818"
    }
  },
  "description": "haml\u662fHaml\uff08HAML\uff09\u56e2\u961f\u7684\u4e00\u6b3e\u5f00\u6e90\u7684HTML\u62bd\u8c61\u6807\u8bb0\u8bed\u8a00\u3002\n\nhaml-coffee\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0chaml-coffee\u652f\u6301\u901a\u8fc7\u5176\u914d\u7f6e\u9009\u9879\u8986\u76d6\u4e00\u7cfb\u5217HTML\u52a9\u624b\u51fd\u6570\u3002\u901a\u8fc7\u6a21\u677f\u914d\u7f6e\u6c61\u67d3\u5bf9escapeHtml\u53c2\u6570\u7684\u63a7\u5236\u786e\u4fdd\u4e86haml-coffee\u4e0d\u4f1a\u6e05\u9664\u53ef\u80fd\u5bfc\u81f4Cross Si\u7684\u6a21\u677f\u8f93\u5165\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://securitylab.github.com/advisories/GHSL-2021-025-haml-coffee/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-47372",
  "openTime": "2021-07-05",
  "patchDescription": "haml\u662fHaml\uff08HAML\uff09\u56e2\u961f\u7684\u4e00\u6b3e\u5f00\u6e90\u7684HTML\u62bd\u8c61\u6807\u8bb0\u8bed\u8a00\u3002\r\n\r\nhaml-coffee\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0chaml-coffee\u652f\u6301\u901a\u8fc7\u5176\u914d\u7f6e\u9009\u9879\u8986\u76d6\u4e00\u7cfb\u5217HTML\u52a9\u624b\u51fd\u6570\u3002\u901a\u8fc7\u6a21\u677f\u914d\u7f6e\u6c61\u67d3\u5bf9escapeHtml\u53c2\u6570\u7684\u63a7\u5236\u786e\u4fdd\u4e86haml-coffee\u4e0d\u4f1a\u6e05\u9664\u53ef\u80fd\u5bfc\u81f4Cross Si\u7684\u6a21\u677f\u8f93\u5165\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Haml\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-47372\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Haml haml"
  },
  "referenceLink": "https://securitylab.github.com/advisories/GHSL-2021-025-haml-coffee/",
  "serverity": "\u4f4e",
  "submitTime": "2021-07-01",
  "title": "Haml\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-47372\uff09"
}

CVE-2021-32818 (GCVE-0-2021-32818)

Vulnerability from cvelistv5 – Published: 2021-05-14 18:20 – Updated: 2024-08-03 23:33

Title

Remote code execution and Reflected cross site scripting in haml-coffee

Summary

haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application that passes user controlled request objects to the haml-coffee template engine may introduce RCE vulnerabilities. Additionally control over the escapeHtml parameter through template configuration pollution ensures that haml-coffee would not sanitize template inputs that may result in reflected Cross Site Scripting attacks against downstream applications. There is currently no fix for these issues as of the publication of this CVE. The latest version of haml-coffee is currently 1.14.1. For complete details refer to the referenced GHSL-2021-025.

Severity ?

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Cross-site Scripting (XSS)

Assigner

GitHub_M

References

URL

Tags

	https://securitylab.github.com/advisories/GHSL-20…	x_refsource_CONFIRM
	https://www.npmjs.com/package/haml-coffee	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	netzpirat	haml-coffee	Affected: <= 1.14.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:33:55.938Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://securitylab.github.com/advisories/GHSL-2021-025-haml-coffee/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.npmjs.com/package/haml-coffee"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "haml-coffee",
          "vendor": "netzpirat",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 1.14.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application that passes user controlled request objects to the haml-coffee template engine may introduce RCE vulnerabilities. Additionally control over the escapeHtml parameter through template configuration pollution ensures that haml-coffee would not sanitize template inputs that may result in reflected Cross Site Scripting attacks against downstream applications. There is currently no fix for these issues as of the publication of this CVE. The latest version of haml-coffee is currently 1.14.1. For complete details refer to the referenced GHSL-2021-025."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-14T18:20:18",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://securitylab.github.com/advisories/GHSL-2021-025-haml-coffee/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.npmjs.com/package/haml-coffee"
        }
      ],
      "source": {
        "advisory": "GHSL-2021-025",
        "discovery": "UNKNOWN"
      },
      "title": "Remote code execution and Reflected cross site scripting in haml-coffee",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-32818",
          "STATE": "PUBLIC",
          "TITLE": "Remote code execution and Reflected cross site scripting in haml-coffee"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "haml-coffee",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c= 1.14.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "netzpirat"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application that passes user controlled request objects to the haml-coffee template engine may introduce RCE vulnerabilities. Additionally control over the escapeHtml parameter through template configuration pollution ensures that haml-coffee would not sanitize template inputs that may result in reflected Cross Site Scripting attacks against downstream applications. There is currently no fix for these issues as of the publication of this CVE. The latest version of haml-coffee is currently 1.14.1. For complete details refer to the referenced GHSL-2021-025."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://securitylab.github.com/advisories/GHSL-2021-025-haml-coffee/",
              "refsource": "CONFIRM",
              "url": "https://securitylab.github.com/advisories/GHSL-2021-025-haml-coffee/"
            },
            {
              "name": "https://www.npmjs.com/package/haml-coffee",
              "refsource": "MISC",
              "url": "https://www.npmjs.com/package/haml-coffee"
            }
          ]
        },
        "source": {
          "advisory": "GHSL-2021-025",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-32818",
    "datePublished": "2021-05-14T18:20:18",
    "dateReserved": "2021-05-12T00:00:00",
    "dateUpdated": "2024-08-03T23:33:55.938Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-47372

CVE-2021-32818 (GCVE-0-2021-32818)

Tags

Sightings

Nomenclature