CVE-2023-26486
CVSS V2 None
CVSS V3 None
Description
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function can call arbitrary functions with a single attacker-controlled argument. The `scale` expression function passes a user-supplied `group` argument to `getScale`, which then treats it as if it were an internal context object. `context.scales[name].value` is read from that `group` and called as a function back in `scale`. This can be exploited to escape the Vega expression sandbox and execute arbitrary JavaScript. This issue has been fixed in version 5.13.1.
Overview
- CVE ID
- CVE-2023-26486
- Assigner
- security-advisories@github.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-03-04T00:15:15
- Last Modified Date
- 2023-03-09T20:30:30
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End (excluding) |
---|---|---|---|---|
cpe:2.3:a:vega-functions_project:vega-functions:*:*:*:*:*:node.js:*:* | 1 | OR | | 5.13.1 |
cpe:2.3:a:vega_project:vega:*:*:*:*:*:node.js:*:* | 1 | OR | | 5.23.0 |
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-26486 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26486 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-04-17 05:56:07 | | | | Added to TrackCVE |
2023-04-17 05:56:10 | | | Weakness Enumeration | new |