CVE-2024-34341: Trix Editor Arbitrary Code Execution Vulnerability
The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts which are executed within the context of the application.
Vulnerable Versions: Up to 2.1.0
Fixed Version: 2.1.1
Vector:
- Bug 1: When copying content manipulated by a script, such as:
document.addEventListener('copy', function(e){
e.clipboardData.setData('text/html', '<div><noscript><div class="123</noscript>456<img src=1 onerror=alert(1)//"></div></noscript></div>');
e.preventDefault();
});
and pasting into the Trix editor, the script within the content is executed.
- Bug 2: Similar execution occurs with content structured as:
References
- github.com/advisories/GHSA-qjqp-xr96-cj99
- github.com/basecamp/trix
- github.com/basecamp/trix/commit/1a5c68a14d48421fc368e30026f4a7918028b7ad
- github.com/basecamp/trix/commit/841ff19b53f349915100bca8fcb488214ff93554
- github.com/basecamp/trix/pull/1147
- github.com/basecamp/trix/pull/1149
- github.com/basecamp/trix/releases/tag/v2.1.1
- github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99
- nvd.nist.gov/vuln/detail/CVE-2024-34341
Code Behaviors & Features
Detect and mitigate CVE-2024-34341 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →