Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS12cjg1LTVwd3gtYzZncc4AA8W0

OMERO.web must check that the JSONP callback is a valid function

Background

There is currently no escaping or validation of the callback parameter that can be passed to the various OMERO.web endpoints that have JSONP enabled; whatever value the client supplies is placed into the script response as-is. One such endpoint is /webclient/imgData/.... Because OMERO.web itself only calls these endpoints with jQuery's own generated callback names ^1, exploiting this in vanilla OMERO.web is difficult or even impossible. However, these metadata endpoints are likely to be used by many plugins, and any plugin or integration that forwards a user-controlled callback value to them exposes the unescaped reflection to whoever can craft the request.
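The check the advisory title calls for, shown as an added example (this is not OMERO.web code; the endpoint, the sample data and the callback strings are constructed for illustration). The vulnerable function interpolates the callback exactly as the Background describes; the hardened one accepts only a dotted JavaScript identifier path, which is all a legitimate JSONP caller such as jQuery ever sends, and additionally pins the content type and forbids MIME sniffing so the body is never interpreted as HTML:

```python
import json
import re

# A plain or dotted JavaScript identifier, e.g. "cb", "jQuery3310_1716000000000",
# "app.handlers.onData". Parentheses, quotes, angle brackets, whitespace and
# semicolons are all rejected. re.ASCII keeps \w from matching Unicode letters.
_CALLBACK_RE = re.compile(r"^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$", re.ASCII)
_MAX_CALLBACK_LEN = 256  # assumed cap; jQuery's generated names are far shorter


def is_valid_callback(name):
    """Return True only if `name` is a plain (optionally dotted) JS function reference."""
    if not isinstance(name, str) or not name or len(name) > _MAX_CALLBACK_LEN:
        return False
    return _CALLBACK_RE.match(name) is not None


def jsonp_vulnerable(data, callback):
    """The pattern the advisory describes: the callback is reflected verbatim."""
    body = "%s(%s);" % (callback, json.dumps(data))
    return 200, {"Content-Type": "application/javascript"}, body


def jsonp_hardened(data, callback):
    """Validate the callback before it can reach the response body."""
    if not is_valid_callback(callback):
        err = json.dumps({"error": "invalid JSONP callback"})
        return 400, {"Content-Type": "application/json"}, err
    # json.dumps escapes non-ASCII by default, so U+2028/U+2029 (legal in JSON,
    # but line terminators in JavaScript) cannot break out of the literal.
    # The leading comment means the response never starts with caller-chosen bytes.
    body = "/**/%s(%s);" % (callback, json.dumps(data))
    headers = {
        # Declare the real type and forbid sniffing so browsers never render it as HTML.
        "Content-Type": "application/javascript; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
    }
    return 200, headers, body


# Constructed sample values, not taken from the advisory.
SAMPLE_DATA = {"id": 1, "name": "image.tif"}
JQUERY_CALLBACK = "jQuery3310012345678901234_1716000000000"  # shape jQuery generates
MALICIOUS_CALLBACK = "alert(document.cookie);//"


def demo():
    """Run both implementations against a benign and a hostile callback."""
    results = {}
    for label, cb in (("jquery", JQUERY_CALLBACK), ("malicious", MALICIOUS_CALLBACK)):
        results[label] = {
            "vulnerable": jsonp_vulnerable(SAMPLE_DATA, cb),
            "hardened": jsonp_hardened(SAMPLE_DATA, cb),
        }
    return results


if __name__ == "__main__":
    for label, r in demo().items():
        print(label)
        print("  vulnerable:", r["vulnerable"][0], r["vulnerable"][2])
        print("  hardened:  ", r["hardened"][0], r["hardened"][2])
```

The validation is framework-agnostic: in a Django view it belongs before any rendering, on request.GET.get("callback"), and a rejected name should produce a 400 rather than a fallback to some default callback, so that a plugin passing garbage fails loudly in testing instead of silently reflecting it in production.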

Impact

OMERO.web before 5.26.0, the first release that validates the callback (see the affected version ranges below). The CVSS vector (network reachable, no privileges, user interaction required, changed scope, low confidentiality and integrity impact) reflects attacker-controlled content being reflected into a response served to a victim's browser.

Patches

Users should upgrade to 5.26.0 or higher

Workarounds

None

References

For more information
If you have any questions or comments about this advisory:

Open an issue in omero-web
Email us at [email protected]

Permalink: https://github.com/advisories/GHSA-vr85-5pwx-c6gq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12cjg1LTVwd3gtYzZncc4AA8W0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 6 months ago
Updated: 6 months ago


CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-vr85-5pwx-c6gq, CVE-2024-35180
References: Repository: https://github.com/ome/omero-web
Blast Radius: 8.4

Affected Packages

pypi:omero-web
Dependent packages: 13
Dependent repositories: 24
Downloads: 3,126 last month
Affected Version Ranges: < 5.26.0
Fixed in: 5.26.0
All affected versions: 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.7.0, 5.7.1, 5.8.0, 5.8.1, 5.9.0, 5.9.1, 5.9.2, 5.10.0, 5.11.0, 5.12.0, 5.12.1, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0, 5.19.0, 5.20.0, 5.21.0, 5.22.0, 5.22.1, 5.23.0, 5.24.0, 5.25.0
All unaffected versions: 5.26.0, 5.27.0, 5.27.1, 5.27.2, 5.28.0