5ire Remote Code Execution Vulnerability via Insecure Mermaid Diagram Rendering
Vulnerability
A remote code execution vulnerability has been identified in 5ire, a cross-platform desktop AI assistant, in versions through 0.15.2. The issue arises in the 'useMarkdown.ts' file, where the 'markdown-it-mermaid' plugin is configured with the 'loose' security level. At this level HTML tags inside Mermaid diagram nodes are rendered rather than encoded, so a diagram can carry attacker-controlled JavaScript into the page. Because the renderer runs inside the Electron application, that script can reach the application's exposed API and execute system commands without user interaction.
Impact
Exploitation of this vulnerability allows for remote code execution on the host system.
Reproduction
To reproduce this vulnerability, create a Mermaid diagram whose node label includes an HTML tag, such as an image tag with an 'onerror' event. When the diagram is rendered, the tag is inserted into the DOM instead of being encoded. The injected JavaScript can then execute commands on the host system via the application's 'electron.mcp' API.
Remediation
Users can update to 5ire version 0.15.2, which addresses this vulnerability.
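The following is an added example, not 5ire's own code, covering both the reproduction and the remediation above: the weak Mermaid setting beside the corrected one, a check that flags a configuration object still using 'loose', and a pre-render scan that reports HTML tags found inside mermaid fences in markdown such as a model reply. All names and the sample markdown are assumptions constructed for the example.

```javascript
// Added example, not 5ire's code: the weak Mermaid setting beside the
// corrected one, an audit for a config object, and a pre-render scan for
// HTML tags inside mermaid fences. Every name below is an assumption.

// Setting described in the advisory: labels reach the DOM as raw HTML.
const LOOSE_MERMAID_CONFIG = { startOnLoad: false, securityLevel: 'loose' };

// Mermaid's default level: HTML in labels is encoded, click callbacks disabled.
const STRICT_MERMAID_CONFIG = { startOnLoad: false, securityLevel: 'strict' };

// Return findings for an options object destined for mermaid.initialize().
function auditMermaidConfig(cfg) {
  const findings = [];
  const level = cfg.securityLevel ?? 'strict'; // Mermaid defaults to strict
  if (level === 'loose') {
    findings.push("securityLevel 'loose': HTML in node labels is rendered, not encoded");
  }
  return findings;
}

// Opening HTML tag. Mermaid arrows (-->, <-->) never put a letter right
// after '<', so they do not match.
const HTML_TAG = /<\s*([a-zA-Z][\w-]*)\b[^>]*>/g;

// Scan markdown (e.g. a model reply) for mermaid fences and report every
// HTML tag inside them, flagging tags that carry an on* event attribute.
// <br/> is legitimate Mermaid line-break markup; callers may allowlist it.
function findHtmlInMermaidBlocks(markdown) {
  const fence = /`{3}mermaid[^\n]*\n([\s\S]*?)`{3}/g;
  const findings = [];
  let block;
  let index = 0;
  while ((block = fence.exec(markdown)) !== null) {
    for (const m of block[1].matchAll(HTML_TAG)) {
      findings.push({
        block: index,
        tag: m[1].toLowerCase(),
        hasEventHandler: /\son[a-z]+\s*=/i.test(m[0]),
      });
    }
    index += 1;
  }
  return findings;
}

// Constructed sample: one benign line break and one tag with an event handler.
const SAMPLE_MARKDOWN = ['Here is the flow:', '`'.repeat(3) + 'mermaid', 'graph TD',
  '  A[Start] --> B["line one<br/>line two"]',
  '  B --> C["<img src=x onerror=alert(1)>"]', '`'.repeat(3)].join('\n');
```

Running the scan on a reply before handing it to the renderer, and refusing or escaping any block with an event-handler finding, gives a second layer of defence independent of the Mermaid security level.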
