CVE-2020-7749 - Vulnerability Details - OpenCVE

This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page which gives opportunity for XSS or rendered on the server (puppeteer) which also gives opportunity for SSRF and Local File Read.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Osm-static-maps Project	Osm-static-maps

Configuration 1 [-]

cpe:2.3:a:osm-static-maps_project:osm-static-maps:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/jperelli/osm-static-maps/blob/master/src/template.html%23L142
https://github.com/jperelli/osm-static-maps/pull/24
https://snyk.io/vuln/SNYK-JS-OSMSTATICMAPS-609637

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2020-10-20T10:25:26.929315Z

Updated: 2024-09-16T16:28:47.401Z

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7749

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-10-20T11:15:12.660

Modified: 2024-11-21T05:37:43.837

Link: CVE-2020-7749

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "osm-static-maps", "vendor": "n/a", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Vasilii Ermilov"}], "datePublic": "2020-10-20T00:00:00", "descriptions": [{"lang": "en", "value": "This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page which gives opportunity for XSS or rendered on the server (puppeteer) which also gives opportunity for SSRF and Local File Read."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "REASONABLE", "scope": "UNCHANGED", "temporalScore": 6.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:R", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Server-side Request Forgery (SSRF)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-20T10:25:26", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-OSMSTATICMAPS-609637"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/jperelli/osm-static-maps/blob/master/src/template.html%23L142"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/jperelli/osm-static-maps/pull/24"}], "title": "Server-side Request Forgery (SSRF)", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "DATE_PUBLIC": "2020-10-20T10:20:24.998257Z", "ID": "CVE-2020-7749", "STATE": "PUBLIC", "TITLE": "Server-side Request Forgery (SSRF)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "osm-static-maps", "version": {"version_data": [{"version_affected": ">=", "version_value": "0"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Vasilii Ermilov"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page which gives opportunity for XSS or rendered on the server (puppeteer) which also gives opportunity for SSRF and Local File Read."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:R", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Server-side Request Forgery (SSRF)"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-OSMSTATICMAPS-609637", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-OSMSTATICMAPS-609637"}, {"name": "https://github.com/jperelli/osm-static-maps/blob/master/src/template.html%23L142", "refsource": "MISC", "url": "https://github.com/jperelli/osm-static-maps/blob/master/src/template.html%23L142"}, {"name": "https://github.com/jperelli/osm-static-maps/pull/24", "refsource": "MISC", "url": "https://github.com/jperelli/osm-static-maps/pull/24"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:41:01.601Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JS-OSMSTATICMAPS-609637"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/jperelli/osm-static-maps/blob/master/src/template.html%23L142"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/jperelli/osm-static-maps/pull/24"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-7749", "datePublished": "2020-10-20T10:25:26.929315Z", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-09-16T16:28:47.401Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:osm-static-maps_project:osm-static-maps:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "02D6B0BB-1A95-4C5B-861B-598C32A63812", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page which gives opportunity for XSS or rendered on the server (puppeteer) which also gives opportunity for SSRF and Local File Read."}, {"lang": "es", "value": "Esto afecta a todas las versiones del paquete osm-static-maps. Una entrada de usuario dada al paquete es pasada directamente a una plantilla sin escapar ({{{...}}}). Como tal, es posible que un atacante inyecte c\u00f3digo HTML/JS arbitrario y dependiendo del contexto. Se generar\u00e1 como un HTML en la p\u00e1gina que otorga la oportunidad de un XSS o se renderizaba en el servidor (puppeteer) que tambi\u00e9n otorga la oportunidad de un SSRF y una lectura de archivos locales"}], "id": "CVE-2020-7749", "lastModified": "2024-11-21T05:37:43.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "[email protected]", "type": "Secondary"}]}, "published": "2020-10-20T11:15:12.660", "references": [{"source": "[email protected]", "tags": ["Broken Link"], "url": "https://github.com/jperelli/osm-static-maps/blob/master/src/template.html%23L142"}, {"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/jperelli/osm-static-maps/pull/24"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-OSMSTATICMAPS-609637"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://github.com/jperelli/osm-static-maps/blob/master/src/template.html%23L142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/jperelli/osm-static-maps/pull/24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-OSMSTATICMAPS-609637"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Primary"}]}