CVE-2024-34341: Trix Editor Arbitrary Code Execution Vulnerability
(updated )
The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts which are executed within the context of the application.
Vulnerable Versions:
- 1.x series up to and including 1.3.1
- 2.x series up to and including 2.1.0
Fixed Versions:
- v1.3.2
- v2.1.1
Vector:
- Bug 1: When copying content manipulated by a script, such as:
document.addEventListener('copy', function(e){
e.clipboardData.setData('text/html', '<div><noscript><div class="123</noscript>456<img src=1 onerror=alert(1)//"></div></noscript></div>');
e.preventDefault();
});
and pasting into the Trix editor, the script within the content is executed.
- Bug 2: Similar execution occurs with content structured as:
References
- discuss.rubyonrails.org/t/xss-vulnerabilities-in-trix-editor/85803
- github.com/advisories/GHSA-qjqp-xr96-cj99
- github.com/basecamp/trix
- github.com/basecamp/trix/commit/1a5c68a14d48421fc368e30026f4a7918028b7ad
- github.com/basecamp/trix/commit/841ff19b53f349915100bca8fcb488214ff93554
- github.com/basecamp/trix/pull/1147
- github.com/basecamp/trix/pull/1149
- github.com/basecamp/trix/releases/tag/v2.1.1
- github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99
- github.com/rails/rails/commit/07e6c88cc4defe6f6b8d28e79eb13a518e15b14c
- github.com/rails/rails/commit/260cb392fc1ee91d0b749cff08d1c8d54b230bd3
- github.com/rails/rails/commit/73fac32511eefdd45d8f00fecc2b8cc5408ea6d5
- github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-34341.yml
- nvd.nist.gov/vuln/detail/CVE-2024-34341
- rubyonrails.org/2024/5/17/Rails-Versions-7-0-8-2-and-7-1-3-3-have-been-released
- rubyonrails.org/2024/5/17/Rails-Versions-7-0-8-3-has-been-released
Detect and mitigate CVE-2024-34341 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →