DeepChat Remote Code Execution Vulnerability via Cross-Site Scripting

Vulnerability

A remote code execution vulnerability has been identified in DeepChat versions through 0.5.1. This issue arises from cross-site scripting (XSS) attacks facilitated by improperly sanitized Mermaid content. The vulnerability allows an attacker to inject malicious JavaScript, which can be executed on the victim's machine through the electron.ipcRenderer interface, bypassing intended security measures. The current patch for MermaidArtifact.vue is inadequate, as it fails to address unquoted HTML attributes and HTML entity encoding, leaving room for exploitation.

Impact

Exploitation of this vulnerability allows for remote code execution on the victim's machine.

Reproduction

To reproduce this vulnerability, create a Mermaid artifact with an unquoted HTML attribute, such as 'onerror', encoded with HTML entities to evade the regex filter that attempts to sanitize such attributes. Once the malicious JavaScript is injected, it can be executed via the electron.ipcRenderer interface, bypassing the application's security measures.
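The root cause described above is a sanitizer that pattern-matches markup instead of parsing it. The following added example (written for this page; it is not DeepChat's MermaidArtifact.vue code and does not reproduce its filter) contrasts a constructed regex filter of the kind the advisory calls inadequate with a parser-based stripper that tokenises attributes the way a browser does. Because the parser sees unquoted attributes and entity-decodes attribute values before any check runs, the two evasion classes the advisory names (unquoted attributes, HTML entity encoding) have nothing left to evade. Python's standard-library `html.parser` is used so the example runs offline; in an Electron renderer the equivalent deployed control is an allowlist sanitizer such as DOMPurify, combined with `contextIsolation` so that rendered content can never reach `ipcRenderer` directly. All sample fragments are constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# --- The inadequate pattern: regex stripping of *quoted* event handlers ---
# Constructed to mirror the class of filter the advisory describes; it is not
# DeepChat's actual code. It only matches on*="..." and so never sees an
# unquoted attribute or a value hidden behind entity encoding.
WEAK_HANDLER_RE = re.compile(r'\son\w+\s*=\s*"[^"]*"', re.IGNORECASE)


def weak_sanitize(fragment: str) -> str:
    """Regex-based filter that fails on unquoted and entity-encoded input."""
    return WEAK_HANDLER_RE.sub("", fragment)


# --- Parser-based replacement ---
BLOCKED_TAGS = {"script", "iframe", "object"}          # dropped with their content
URL_ATTRS = {"href", "src", "xlink:href", "action", "formaction"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:")          # extend per local policy


class EventHandlerStripper(HTMLParser):
    """Re-serialises a fragment after tokenising it the way a browser would.

    html.parser tokenises attributes whether or not they are quoted and
    decodes character references in their values, so quoting tricks and
    entity encoding no longer matter: every on* attribute is dropped, every
    URL attribute with a scripting scheme is dropped, and the output is
    re-escaped with all attribute values quoted.
    """

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self._skip_depth = 0  # > 0 while inside a blocked container tag

    def _clean_attrs(self, attrs):
        kept = []
        for name, value in attrs:
            lname = name.lower()
            if lname.startswith("on"):
                continue  # inline event handler, regardless of quoting
            if value is not None and lname in URL_ATTRS:
                # Values arrive entity-decoded; collapse whitespace so spaced
                # scheme names are normalised before the prefix check.
                normalised = re.sub(r"\s+", "", value).lower()
                if normalised.startswith(SCRIPT_SCHEMES):
                    continue
            kept.append((name, value))
        return kept

    def _emit_tag(self, tag, attrs, self_closing=False):
        parts = [f"<{tag}"]
        for name, value in self._clean_attrs(attrs):
            if value is None:
                parts.append(f" {name}")
            else:
                parts.append(f' {name}="{escape(value, quote=True)}"')
        parts.append(" />" if self_closing else ">")
        self.out.append("".join(parts))

    def handle_starttag(self, tag, attrs):
        if tag in BLOCKED_TAGS:
            self._skip_depth += 1
            return
        if self._skip_depth == 0:
            self._emit_tag(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        if tag in BLOCKED_TAGS or self._skip_depth:
            return
        self._emit_tag(tag, attrs, self_closing=True)

    def handle_endtag(self, tag):
        if tag in BLOCKED_TAGS:
            self._skip_depth = max(0, self._skip_depth - 1)
            return
        if self._skip_depth == 0:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self._skip_depth == 0:
            self.out.append(escape(data, quote=False))


def strict_sanitize(fragment: str) -> str:
    """Parse, strip, and re-serialise with every attribute value quoted."""
    stripper = EventHandlerStripper()
    stripper.feed(fragment)
    stripper.close()  # flush buffered text data
    return "".join(stripper.out)


# Constructed samples covering the two cases the advisory names plus a
# quoted handler that the weak filter does catch.
SAMPLES = {
    "unquoted": "<img src=x onerror=alert(1)>",
    "entity_encoded": '<a href="&#106;avascript:alert(1)">link</a>',
    "quoted": '<p onclick="alert(1)">hi</p>',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:15} weak   -> {weak_sanitize(raw)}")
        print(f"{label:15} strict -> {strict_sanitize(raw)}")
```

Running the block shows the weak filter leaving the unquoted and entity-encoded samples untouched while the parser-based version reduces them to `<img src="x">` and `<a>link</a>`. The design point is that any check performed on the raw string before tokenisation is a check on a representation the browser never sees; the only robust place to filter is on the parsed attribute list, and the output should be re-serialised rather than passed through.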

Added: Dec 9, 2025, 1:19 AM
Updated: Dec 9, 2025, 1:19 AM

Vulnerability Rating

Custom Algorithm

  spread           0.0
  impact          10.0
  exploitability   7.7
  remediation      0.0
  relevance        1.3
  threat           6.4
  urgency          2.9
  incentive        0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.