CVE-2022-46180

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-46180

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-46180.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-46180

Related

GHSA-8437-hgcm-p3q3

Published

2023-01-04T17:15:08Z

Modified

2025-01-08T04:21:04Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Discourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been fixed on the main branch of the GitHub repository, with 1.1.0 named as a patched version. Admins can update the theme component through the admin UI. As a workaround, admins can temporarily disable discourse-mermaid-theme-component.

References

Affected packages

Git / github.com/discourse/discourse-mermaid-theme-component

Affected ranges

Type: GIT
Repo: https://github.com/discourse/discourse-mermaid-theme-component
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c10bc4a08bf865cee20e5d5dffba535762813f0f

Fixed

c10bc4a08bf865cee20e5d5dffba535762813f0f