CVE-2021-43787

29.11.2021, 20:15

Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.

Cross-site Scripting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9 CRITICAL	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
GitHub_M	CNA	9 CRITICAL	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 59%

Vendor	Product	Version
nodebb	nodebb	1.15.5 ≤ 𝑥 ≤ 1.18.4

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

https://blog.sonarsource.com/nodebb-remote-code-execution-with-one-shot/

https://github.com/NodeBB/NodeBB/commit/1783f918bc19568f421473824461ff2ed7755e4c

https://github.com/NodeBB/NodeBB/releases/tag/v1.18.5

https://github.com/NodeBB/NodeBB/security/advisories/GHSA-wx69-rvg3-x7fc

https://blog.sonarsource.com/nodebb-remote-code-execution-with-one-shot/

https://github.com/NodeBB/NodeBB/commit/1783f918bc19568f421473824461ff2ed7755e4c

https://github.com/NodeBB/NodeBB/releases/tag/v1.18.5

https://github.com/NodeBB/NodeBB/security/advisories/GHSA-wx69-rvg3-x7fc