ghsa-vr85-5pwx-c6gq
Vulnerability from github
Published
2024-05-21 14:33
Modified
2024-05-21 15:39
Severity ?
VLAI Severity ?
Summary
OMERO.web must check that the JSONP callback is a valid function
Details
Background
There is currently no escaping or validation of the callback
parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. One such endpoint is /webclient/imgData/...
. As we only really use these endpoints with jQuery's own callback name generation ^1 it is quite difficult or even impossible to exploit this in vanilla OMERO.web. However, these metadata endpoints are likely to be used by many plugins.
Impact
OMERO.web before 5.25.0
Patches
Users should upgrade to 5.26.0 or higher
Workarounds
None
References
- https://stackoverflow.com/questions/2777021/do-i-need-to-sanitize-the-callback-parameter-from-a-jsonp-call
- https://stackoverflow.com/questions/1661197/what-characters-are-valid-for-javascript-variable-names
For more information If you have any questions or comments about this advisory:
Open an issue in omero-web Email us at security@openmicroscopy.org
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "omero-web" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "5.26.0" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-35180" ], "database_specific": { "cwe_ids": [ "CWE-830" ], "github_reviewed": true, "github_reviewed_at": "2024-05-21T14:33:23Z", "nvd_published_at": "2024-05-21T13:15:08Z", "severity": "MODERATE" }, "details": "### Background\n\nThere is currently no escaping or validation of the `callback` parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. One such endpoint is `/webclient/imgData/...`. As we only really use these endpoints with jQuery\u0027s own callback name generation [^1] it is quite difficult or even impossible to exploit this in vanilla OMERO.web. However, these metadata endpoints are likely to be used by many plugins.\n\n[^1]: https://learn.jquery.com/ajax/working-with-jsonp/\n\n### Impact\nOMERO.web before 5.25.0\n\n### Patches\nUsers should upgrade to 5.26.0 or higher\n### Workarounds\n\nNone\n\n### References\n* https://stackoverflow.com/questions/2777021/do-i-need-to-sanitize-the-callback-parameter-from-a-jsonp-call\n* https://stackoverflow.com/questions/1661197/what-characters-are-valid-for-javascript-variable-names\n\nFor more information\nIf you have any questions or comments about this advisory:\n\nOpen an issue in [omero-web](https://github.com/ome/omero-web)\nEmail us at [security@openmicroscopy.org](mailto:security@openmicroscopy.org)\n", "id": "GHSA-vr85-5pwx-c6gq", "modified": "2024-05-21T15:39:43Z", "published": "2024-05-21T14:33:23Z", "references": [ { "type": "WEB", "url": "https://github.com/ome/omero-web/security/advisories/GHSA-vr85-5pwx-c6gq" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35180" }, { "type": "WEB", "url": "https://github.com/ome/omero-web/commit/d41207cbb82afc56ea79e84db532608aa24ab4aa" }, { "type": "PACKAGE", "url": "https://github.com/ome/omero-web" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ], "summary": "OMERO.web must check that the JSONP callback is a valid function" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…