Vulnerability-Lookup

CVE-2023-23619 (GCVE-0-2023-23619)

Vulnerability from cvelistv5 – Published: 2023-01-26 10:42 – Updated: 2025-03-10 21:19

Title

Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina

Summary

Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue has been partially mitigated in version 1.0.0, with the maintainer's GitHub Security Advisory (GHSA) noting "It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not encounter this issue. Further similar situations are NOT seen as a security issue, but intended behavior." The suggested workaround from the maintainers is "Fully custom presets that change the entire rendering process which can then escape the user input."

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

GitHub_M

References

URL

Tags

https://github.com/asyncapi/modelina/security/adv…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	asyncapi	modelina	Affected: < 1.0.0

Show details on NVD website

JSON

To clipboard Create KEV Entry

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:35:33.603Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-23619",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-10T21:01:00.504071Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-10T21:19:14.012Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "modelina",
          "vendor": "asyncapi",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue has been partially mitigated in version 1.0.0, with the maintainer\u0027s GitHub Security Advisory (GHSA) noting \"It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not encounter this issue. Further similar situations are NOT seen as a security issue, but intended behavior.\" The suggested workaround from the maintainers is \"Fully custom presets that change the entire rendering process which can then escape the user input.\""
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-26T10:42:51.404Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95"
        }
      ],
      "source": {
        "advisory": "GHSA-4jg2-84c2-pj95",
        "discovery": "UNKNOWN"
      },
      "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027) in @asyncapi/modelina"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-23619",
    "datePublished": "2023-01-26T10:42:51.404Z",
    "dateReserved": "2023-01-16T17:07:46.243Z",
    "dateUpdated": "2025-03-10T21:19:14.012Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-23619\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-01-26T21:18:15.217\",\"lastModified\":\"2024-11-21T07:46:32.833\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue has been partially mitigated in version 1.0.0, with the maintainer\u0027s GitHub Security Advisory (GHSA) noting \\\"It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not encounter this issue. Further similar situations are NOT seen as a security issue, but intended behavior.\\\" The suggested workaround from the maintainers is \\\"Fully custom presets that change the entire rendering process which can then escape the user input.\\\"\"},{\"lang\":\"es\",\"value\":\"Modelina es una librer\u00eda para generar modelos de datos basados en entradas como documentos AsyncAPI, OpenAPI o JSON Schema. Las versiones anteriores a la 1.0.0 son vulnerables a la inyecci\u00f3n de c\u00f3digo. Este problema afecta a cualquiera que utilice los ajustes preestablecidos predeterminados y/o no maneje la funcionalidad por s\u00ed mismo. Este problema se ha mitigado parcialmente en la versi\u00f3n 1.0.0, y el GitHub Security Advisory (GHSA) del fabricante se\u00f1ala: \\\"Es imposible protegerse completamente contra esto, porque los usuarios tienen acceso a la informaci\u00f3n sin procesar original. Sin embargo, a partir de la versi\u00f3n 1, si solo accede a los modelos restringidos, no encontrar\u00e1 este problema. Otras situaciones similares NO se consideran un problema de seguridad, sino un comportamiento previsto\\\". La soluci\u00f3n sugerida por los fabricantees es \\\"Preajustes totalmente personalizados que cambian todo el proceso de renderizado y luego pueden escapar de la entrada del usuario\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lfprojects:modelina:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.0.0\",\"matchCriteriaId\":\"0A2550E7-A8E5-4013-ADA2-0903399206DD\"}]}]}],\"references\":[{\"url\":\"https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95\", \"name\": \"https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:35:33.603Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-23619\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-10T21:01:00.504071Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-10T21:01:02.276Z\"}}], \"cna\": {\"title\": \"Improper Control of Generation of Code (\u0027Code Injection\u0027) in @asyncapi/modelina\", \"source\": {\"advisory\": \"GHSA-4jg2-84c2-pj95\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"asyncapi\", \"product\": \"modelina\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.0.0\"}]}], \"references\": [{\"url\": \"https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95\", \"name\": \"https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue has been partially mitigated in version 1.0.0, with the maintainer\u0027s GitHub Security Advisory (GHSA) noting \\\"It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not encounter this issue. Further similar situations are NOT seen as a security issue, but intended behavior.\\\" The suggested workaround from the maintainers is \\\"Fully custom presets that change the entire rendering process which can then escape the user input.\\\"\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-01-26T10:42:51.404Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-23619\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-10T21:19:14.012Z\", \"dateReserved\": \"2023-01-16T17:07:46.243Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-01-26T10:42:51.404Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2023-23619

Vulnerability from fkie_nvd - Published: 2023-01-26 21:18 - Updated: 2024-11-21 07:46

Severity ?

9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95	Exploit, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	lfprojects	modelina	*

JSON

To clipboard Create KEV Entry

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lfprojects:modelina:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "0A2550E7-A8E5-4013-ADA2-0903399206DD",
              "versionEndExcluding": "1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue has been partially mitigated in version 1.0.0, with the maintainer\u0027s GitHub Security Advisory (GHSA) noting \"It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not encounter this issue. Further similar situations are NOT seen as a security issue, but intended behavior.\" The suggested workaround from the maintainers is \"Fully custom presets that change the entire rendering process which can then escape the user input.\""
    },
    {
      "lang": "es",
      "value": "Modelina es una librer\u00eda para generar modelos de datos basados en entradas como documentos AsyncAPI, OpenAPI o JSON Schema. Las versiones anteriores a la 1.0.0 son vulnerables a la inyecci\u00f3n de c\u00f3digo. Este problema afecta a cualquiera que utilice los ajustes preestablecidos predeterminados y/o no maneje la funcionalidad por s\u00ed mismo. Este problema se ha mitigado parcialmente en la versi\u00f3n 1.0.0, y el GitHub Security Advisory (GHSA) del fabricante se\u00f1ala: \"Es imposible protegerse completamente contra esto, porque los usuarios tienen acceso a la informaci\u00f3n sin procesar original. Sin embargo, a partir de la versi\u00f3n 1, si solo accede a los modelos restringidos, no encontrar\u00e1 este problema. Otras situaciones similares NO se consideran un problema de seguridad, sino un comportamiento previsto\". La soluci\u00f3n sugerida por los fabricantees es \"Preajustes totalmente personalizados que cambian todo el proceso de renderizado y luego pueden escapar de la entrada del usuario\"."
    }
  ],
  "id": "CVE-2023-23619",
  "lastModified": "2024-11-21T07:46:32.833",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-01-26T21:18:15.217",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GSD-2023-23619

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-23619

Aliases

CVE-2023-23619

JSON

To clipboard Create KEV Entry

{
  "GSD": {
    "alias": "CVE-2023-23619",
    "id": "GSD-2023-23619"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-23619"
      ],
      "details": "Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue has been partially mitigated in version 1.0.0, with the maintainer\u0027s GitHub Security Advisory (GHSA) noting \"It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not encounter this issue. Further similar situations are NOT seen as a security issue, but intended behavior.\" The suggested workaround from the maintainers is \"Fully custom presets that change the entire rendering process which can then escape the user input.\"",
      "id": "GSD-2023-23619",
      "modified": "2023-12-13T01:20:49.607383Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-23619",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "modelina",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 1.0.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "asyncapi"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue has been partially mitigated in version 1.0.0, with the maintainer\u0027s GitHub Security Advisory (GHSA) noting \"It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not encounter this issue. Further similar situations are NOT seen as a security issue, but intended behavior.\" The suggested workaround from the maintainers is \"Fully custom presets that change the entire rendering process which can then escape the user input.\""
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-94",
                "lang": "eng",
                "value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95",
            "refsource": "MISC",
            "url": "https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-4jg2-84c2-pj95",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.0.0",
          "affected_versions": "All versions before 1.0.0",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2023-02-06",
          "description": "Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 is vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue has been partially mitigated in version 1.0.0, with the maintainer\u0027s GitHub Security Advisory (GHSA) noting \"It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not encounter this issue. Further similar situations are NOT seen as a security issue, but intended behavior.\" The suggested workaround from the maintainers is \"Fully custom presets that change the entire rendering process which can then escape the user input.\"",
          "fixed_versions": [
            "1.0.0"
          ],
          "identifier": "CVE-2023-23619",
          "identifiers": [
            "CVE-2023-23619",
            "GHSA-4jg2-84c2-pj95"
          ],
          "not_impacted": "All versions starting from 1.0.0",
          "package_slug": "npm/@asyncapi/modelina",
          "pubdate": "2023-01-26",
          "solution": "Upgrade to version 1.0.0 or above.",
          "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-23619",
            "https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95"
          ],
          "uuid": "73babfff-1a09-4e5c-8930-24d793bfee12"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lfprojects:modelina:*:*:*:*:*:node.js:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2023-23619"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue has been partially mitigated in version 1.0.0, with the maintainer\u0027s GitHub Security Advisory (GHSA) noting \"It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not encounter this issue. Further similar situations are NOT seen as a security issue, but intended behavior.\" The suggested workaround from the maintainers is \"Fully custom presets that change the entire rendering process which can then escape the user input.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-02-06T19:43Z",
      "publishedDate": "2023-01-26T21:18Z"
    }
  }
}

GHSA-4JG2-84C2-PJ95

Vulnerability from github – Published: 2021-09-21 18:41 – Updated: 2023-01-26 21:57

Summary

Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina

Details

Impact

Anyone who is using the default presets and/or does not handle the functionality themself.

Patches

It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not encounter this issue.

Further similar situations are NOT seen as a security issue, but intended behavior.

Workarounds

Fully custom presets that change the entire rendering process which can then escape the user input.

For more information

Even though that I changed all the presets here, the vulnerability is still present throughout. I am using a JSON Schema here for simplicity.

const jsonSchemaDoc = {
  $id: 'CustomClass',
  type: 'object',
  properties: {
      'property: any; \n constructor(){console.log("injected")} \n private _temp': { type: 'string' },
  }
};
generator = new TypeScriptGenerator(
  { 
    presets: [
      {
        class: {
            property({ propertyName, content }) {
              return `private ${propertyName}: any;`;
            },
            ctor() {
              return '';
            },
            getter() {
              return '';
            },
            setter() {
              return '';
            }
        }
      }
    ]
  }
);
const inputModel = await generator.process(jsonSchemaDoc);

This would render

export class CustomClass {
  private property: any; 
   constructor(){console.log("injected")} 
   private _temp: any;
  private additionalProperties: any;
}

Severity ?

9.9 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard Create KEV Entry

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@asyncapi/modelina"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-23619"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-09-21T16:14:04Z",
    "nvd_published_at": "2023-01-26T21:18:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nAnyone who is using the default presets and/or does not handle the functionality themself.\n\n### Patches\nIt is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not encounter this issue.\n\nFurther similar situations are NOT seen as a security issue, but intended behavior.\n\n### Workarounds\nFully custom presets that change the entire rendering process which can then escape the user input.\n\n### For more information\nEven though that I changed all the presets here, the vulnerability is still present throughout. I am using a JSON Schema here for simplicity.\n```ts\nconst jsonSchemaDoc = {\n  $id: \u0027CustomClass\u0027,\n  type: \u0027object\u0027,\n  properties: {\n      \u0027property: any; \\n constructor(){console.log(\"injected\")} \\n private _temp\u0027: { type: \u0027string\u0027 },\n  }\n};\ngenerator = new TypeScriptGenerator(\n  { \n    presets: [\n      {\n        class: {\n            property({ propertyName, content }) {\n              return `private ${propertyName}: any;`;\n            },\n            ctor() {\n              return \u0027\u0027;\n            },\n            getter() {\n              return \u0027\u0027;\n            },\n            setter() {\n              return \u0027\u0027;\n            }\n        }\n      }\n    ]\n  }\n);\nconst inputModel = await generator.process(jsonSchemaDoc);\n```\nThis would render\n```ts\nexport class CustomClass {\n  private property: any; \n   constructor(){console.log(\"injected\")} \n   private _temp: any;\n  private additionalProperties: any;\n}\n```",
  "id": "GHSA-4jg2-84c2-pj95",
  "modified": "2023-01-26T21:57:36Z",
  "published": "2021-09-21T18:41:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23619"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/asyncapi/modelina"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Control of Generation of Code (\u0027Code Injection\u0027) in @asyncapi/modelina"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-23619 (GCVE-0-2023-23619)

FKIE_CVE-2023-23619

GSD-2023-23619

GHSA-4JG2-84C2-PJ95

Impact

Patches

Workarounds

For more information

Tags

Sightings

Nomenclature