Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05OHBmLWdmaDMteDNtcM4AAv0C
Read the Docs vulnerable to Cross-Site Scripting (XSS)
Impact
This vulnerability allowed a malicious user to serve arbitrary HTML files from the main application domain (readthedocs[.]org/readthedocs[.]com) by exploiting a vulnerability in the code that serves downloadable content from a project.
Exploiting this would have required the attacker to get a logged-in user to visit the malicious URL, which would have allowed the attacker to take control of the user's session with JavaScript (making requests to the API/site on behalf of the user). This URL would have looked something like hxxps[:]//readthedocs[.]org/projects/attacker-project/downloads/html/version-with-javascript-attack/.
Patches
This issue has been patched in our 8.8.1 release.
Permalink: https://github.com/advisories/GHSA-98pf-gfh3-x3mpJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05OHBmLWdmaDMteDNtcM4AAv0C
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
Identifiers: GHSA-98pf-gfh3-x3mp
References:
- https://github.com/readthedocs/readthedocs.org/security/advisories/GHSA-98pf-gfh3-x3mp
- https://github.com/readthedocs/readthedocs.org/commit/b0ae626acd13882170ec5888e35f3ef2e48e6ff6
- https://github.com/advisories/GHSA-98pf-gfh3-x3mp
Blast Radius: 0.0
Affected Packages
npm:readthedocs
Dependent packages: 0Dependent repositories: 1
Downloads: 16 last month
Affected Version Ranges: < 8.8.1
Fixed in: 8.8.1
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 1.0.0, 1.0.1, 1.0.2, 1.0.3
All unaffected versions: