Vulnerability Details : CVE-2019-20374
A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML sanitization. Given that the application is based on the Electron framework, the XSS leads to remote code execution in an unsandboxed environment.
Vulnerability category: Cross site scripting (XSS)Execute code
Products affected by CVE-2019-20374
- cpe:2.3:a:typora:typora:*:*:*:*:*:*:*:*
- cpe:2.3:a:typora:typora:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-20374
0.80%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-20374
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.3
|
HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
1.6
|
6.0
|
MITRE | |
9.6
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
2.8
|
6.0
|
NIST |
CWE ids for CVE-2019-20374
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-20374
-
https://github.com/cure53/DOMPurify/commit/4e8af7b2c4a159b683d317e02c5cbddb86dc4a0e
Added better check for attribute based mXSS · cure53/DOMPurify@4e8af7b · GitHubPatch;Third Party Advisory
-
https://github.com/typora/typora-issues/issues/3124
Typora RCE via mXSS · Issue #3124 · typora/typora-issues · GitHubThird Party Advisory
Jump to