SageMath CoCalc Arbitrary File Upload Vulnerability Allowing Code Execution
Vulnerability
A vulnerability allowing arbitrary file uploads has been identified in SageMath, Inc CoCalc versions prior to the patch in commit 0d2ff58. This vulnerability allows attackers to execute arbitrary code by uploading a specially crafted SVG file. The issue arises from improper input validation and unrestricted file uploads of dangerous file types, which can lead to stored cross-site scripting (XSS) vulnerabilities.
Impact
Exploitation of this vulnerability could lead to unauthorized code execution on the server where CoCalc is hosted.
Reproduction
To reproduce this vulnerability, upload a malicious SVG file to a CoCalc project. The file should contain a payload that exploits the XSS vulnerability by executing JavaScript in the context of the user's browser. After uploading, the SVG file can be opened or rendered within CoCalc, triggering the execution of the embedded JavaScript.
Remediation
Users should update to the latest version of CoCalc, which includes the patch for this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.