DeepChat Mermaid Component XSS Vulnerability Leading to Remote Code Execution
Vulnerability
A vulnerability in DeepChat versions prior to 0.3.5 allows remote code execution through a cross-site scripting (XSS) issue in the Mermaid chart rendering component. The vulnerability arises from the unsafe use of 'innerHTML' to display user-controlled content, which can be exploited by injecting malicious scripts. This flaw builds on an existing XSS vulnerability in the project, creating an exploit chain that can execute arbitrary JavaScript and, via exposed inter-process communication (IPC), arbitrary commands.
Impact
Exploitation of this vulnerability allows arbitrary code execution on the user's machine.
Reproduction
The vulnerability can be reproduced by rendering a Mermaid chart that includes malicious content, such as a JavaScript payload, which takes advantage of the 'innerHTML' rendering method. Execution can be triggered by clicking a link embedded in the chart. Alternatively, XSS payloads such as an image tag with an 'onerror' event can be injected directly into the Mermaid content, in which case the script executes as soon as the chart is rendered.
Remediation
Users should update to DeepChat version 0.3.5 or later, where this vulnerability has been addressed.
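As an added defender-side check (example code, not DeepChat's own), the function below scans a Mermaid-rendered SVG string for the active content this advisory describes, inline event handlers such as onerror, script-scheme links and embedded HTML, so a unit test can assert that the renderer's sanitized output is inert before it is ever assigned to innerHTML. The SVG samples are constructed; the check is an audit aid for regression tests, not a substitute for a real sanitizer such as DOMPurify or for rendering Mermaid in a sandboxed frame.

```javascript
// Audit helper (added example): reports active content in rendered SVG/HTML.
// It is deliberately a detector, not a sanitizer; keep the real sanitizer
// in the render path and use this in tests to catch regressions.

const ACTIVE_ELEMENTS = new Set(['script', 'iframe', 'object', 'embed', 'foreignobject']);
const URL_ATTRS = new Set(['href', 'xlink:href', 'src', 'action', 'formaction']);

// Decode entities and strip control characters so obfuscated schemes such as
// "java&#x73;cript:" or "java\tscript:" are compared in their effective form.
function normalizeUrl(value) {
  const fromCp = (cp) => (cp <= 0x10ffff ? String.fromCodePoint(cp) : '');
  const decoded = value
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => fromCp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => fromCp(parseInt(d, 10)))
    .replace(/&tab;/gi, '\t')
    .replace(/&newline;/gi, '\n');
  return decoded.replace(/[\u0000-\u0020]/g, '').toLowerCase();
}

// Returns a list of findings; an empty list means no active content was seen.
function findActiveContent(markup) {
  const findings = [];
  const tagRe = /<\s*\/?\s*([a-z][\w:-]*)([^>]*)>/gi;
  const attrRe = /([^\s=\/"']+)\s*(?:=\s*("([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let tag;
  while ((tag = tagRe.exec(markup)) !== null) {
    if (/^<\s*\//.test(tag[0])) continue; // closing tags carry no attributes
    const name = tag[1].toLowerCase();
    if (ACTIVE_ELEMENTS.has(name)) findings.push({ kind: 'element', name });
    let attr;
    attrRe.lastIndex = 0;
    while ((attr = attrRe.exec(tag[2])) !== null) {
      const attrName = attr[1].toLowerCase();
      const value = attr[3] ?? attr[4] ?? attr[5] ?? '';
      if (attrName.startsWith('on')) {
        findings.push({ kind: 'event-handler', name, attr: attrName });
      } else if (URL_ATTRS.has(attrName) && /^(javascript|vbscript|data):/.test(normalizeUrl(value))) {
        findings.push({ kind: 'script-url', name, attr: attrName });
      }
    }
  }
  return findings;
}

// Constructed sample: the shape of a benign Mermaid node with a plain link.
const BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><g class="node"><rect x="1" y="2"/>'
  + '<text>A</text></g><a href="https://example.com/docs"><text>docs</text></a></svg>';
```

A run of `findActiveContent(BENIGN_SVG)` returns an empty list, while HTML embedded through foreignObject, an onerror handler, or an entity-obfuscated script-scheme link each produce a finding.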
