
Rewterz Threat Advisory – CVE-2022-31108 – Node.js mermaid module Vulnerability

Severity

Medium

Analysis Summary

CVE-2022-31108

The Node.js mermaid module could allow a remote authenticated attacker to obtain sensitive information because of an injection flaw. By injecting specially crafted CSS into the generated graph, an attacker could exploit this vulnerability to obtain sensitive information and use it to launch further attacks against the affected system.

Impact

Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2022-31108

Affected Vendors

Node.js

Affected Products

Node.js mermaid 9.1.1

Remediation

Upgrade to the latest version of mermaid, available from the Mermaid Git repository.
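Before upgrading, it helps to know where mermaid is actually installed, including copies pulled in transitively. The following is an added example, not code from this advisory or from the mermaid project: it walks a parsed package-lock.json in both the flat (lockfileVersion 2/3) and nested (lockfileVersion 1) layouts and flags copies at the version this advisory lists. The sample lockfiles, the package name "docs-widget" and the version "0.0.0-constructed" are constructed for illustration.

```javascript
// Added example (not from the advisory or the mermaid project).
const LISTED = new Set(['9.1.1']); // affected version as listed in this advisory

// Return every resolved copy of mermaid in a parsed package-lock.json.
function findMermaid(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === 'node_modules/mermaid' || path.endsWith('/node_modules/mermaid')) {
        hits.push({ path, version: meta.version });
      }
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = `${prefix}node_modules/${name}`;
        if (name === 'mermaid') hits.push({ path, version: meta.version });
        walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return hits.map(h => ({ ...h, listedInAdvisory: LISTED.has(h.version) }));
}

// Constructed sample lockfiles; "docs-widget" and "0.0.0-constructed" are made up.
const SAMPLE_V2 = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'constructed-app' },
    'node_modules/mermaid': { version: '9.1.1' },
    'node_modules/docs-widget': { version: '1.0.0' },
    'node_modules/docs-widget/node_modules/mermaid': { version: '0.0.0-constructed' },
  },
};
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: {
    'docs-widget': { version: '1.0.0', dependencies: { mermaid: { version: '9.1.1' } } },
  },
};

for (const sample of [SAMPLE_V2, SAMPLE_V1]) {
  for (const hit of findMermaid(sample)) {
    console.log(`${hit.path}@${hit.version}`, hit.listedInAdvisory ? 'LISTED in advisory' : 'not listed');
  }
}
```

To scan a real project, pass the result of JSON.parse on its package-lock.json to findMermaid. "Not listed" only means the version differs from the one this advisory names.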
