CVE-2021-43861

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-43861

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-43861.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-43861

Aliases

GHSA-p3rp-vmj9-gv6v

Related

UBUNTU-CVE-2021-43861

Published

2021-12-30T14:15:07Z

Modified

2024-10-12T08:37:19.821189Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgrading.

References

Affected packages

Debian:11 / node-mermaid

Package

Name: node-mermaid
Purl: pkg:deb/debian/node-mermaid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.7.0+ds+~cs27.17.17-3+deb11u2

Affected versions

8.*

8.7.0+ds+~cs27.17.17-3

8.7.0+ds+~cs27.17.17-3+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/mermaid-js/mermaid

Affected ranges

Type: GIT
Repo: https://github.com/mermaid-js/mermaid
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

066b7a0d0bda274d94a2f2d21e4323dab5776d83

Affected versions

0.*

0.1.0

0.1.1

0.2.0

0.2.1

0.2.10

0.2.13

0.2.14

0.2.15

0.2.16

0.2.2

0.2.3

0.2.4

0.2.5

0.2.6

0.2.7

0.2.8

0.2.9

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.3.5

0.4.0

0.5.0

0.5.1

0.5.2

0.5.3

0.5.4

0.5.5

0.5.6

0.5.7

0.5.8

6.*

6.0.0

7.*

7.0.0

7.0.2

7.0.3

7.0.5

8.*

8.1.0

8.10.1

8.11.0

8.11.0-rc2

8.11.1

8.11.2

8.11.3

8.11.4

8.12.0

8.12.1

8.13.0

8.13.1

8.13.2

8.13.3

8.13.4

8.13.5

8.13.6

8.13.7

8.13.8

8.2.0

8.2.1

8.2.2

8.2.3

8.2.4

8.2.5

8.2.6

8.3.0

8.4.0

8.4.1

8.4.2

8.4.3

8.4.4

8.4.6

8.4.8

8.5.1

8.5.2

8.6.0

8.6.2

8.6.3

8.6.4

8.7.0

8.8.0

8.8.1

8.8.2

8.8.3

8.9.0

8.9.1

8.9.2

8.9.3

real-8.*

real-8.13.5

Other

untagged-31c93788afe260d914bb

untagged-502e9410f3e7fd2ed484

untagged-566ebfbf21141b604025

untagged-7651dabb407ecd5631ce

untagged-78173a5e15ffdf8f1e6a

untagged-f43366252632a1a42020

untagged-f83ec2a9deaf6677e0c7

v8.*

v8.8.4