CVE-2023-26486 — MEDIUM (6.5)

Q: How severe is CVE-2023-26486?

CVE-2023-26486 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-26486?

Check the references section above for vendor advisories and patch information. Affected products include: Vega-Functions Project Vega-Functions, Vega Project Vega.

Vulnerability Description

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argument group to getScale, which is then used as if it were an internal context. The context.scales[name].value is accessed from group and called as a function back in scale. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. This issue has been fixed in version 5.13.1.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Vega-Functions Project	Vega-Functions	< 5.13.1
Vega Project	Vega	< 5.23.0

Related Weaknesses (CWE)

CWE-79

References

https://github.com/vega/vega/releases/tag/v5.23.0Release Notes
https://github.com/vega/vega/security/advisories/GHSA-4vq7-882g-wcg4ExploitThird Party Advisory
https://github.dev/vega/vega/blob/72b9b3bbf912212e7879b6acaccc84aff969ef1c/packaPermissions Required
https://github.dev/vega/vega/blob/72b9b3bbf912212e7879b6acaccc84aff969ef1c/packaPermissions Required
https://vega.github.io/editor/#/url/vega/N4IgJAzgxgFgpgWwIYgFwhgF0wBwqgegIDc4BzJExploit
https://github.com/vega/vega/releases/tag/v5.23.0Release Notes
https://github.com/vega/vega/security/advisories/GHSA-4vq7-882g-wcg4ExploitThird Party Advisory
https://github.dev/vega/vega/blob/72b9b3bbf912212e7879b6acaccc84aff969ef1c/packaPermissions Required
https://github.dev/vega/vega/blob/72b9b3bbf912212e7879b6acaccc84aff969ef1c/packaPermissions Required
https://vega.github.io/editor/#/url/vega/N4IgJAzgxgFgpgWwIYgFwhgF0wBwqgegIDc4BzJExploit

FAQ

What is CVE-2023-26486?

CVE-2023-26486 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary functi...

How severe is CVE-2023-26486?

CVE-2023-26486 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-26486?

Check the references section above for vendor advisories and patch information. Affected products include: Vega-Functions Project Vega-Functions, Vega Project Vega.