5ire Remote Code Execution Vulnerability via Unsafe HTML Rendering
Vulnerability
A remote code execution vulnerability exists in 5ire versions prior to 0.15.3. The issue arises from unsafe HTML rendering that allows untrusted HTML, including event attributes, to execute in the renderer context. This vulnerability can be exploited by injecting an image tag with an 'onerror' event payload to execute arbitrary JavaScript. The injected script can call exposed bridge APIs, such as 'window.bridge.mcpServersManager.createServer', leading to unauthorized creation of MCP servers and remote command execution.
Impact
Exploitation of this vulnerability allows for remote code execution on the affected system.
Reproduction
To reproduce this vulnerability, inject an image tag with an 'onerror' attribute payload into a context that renders untrusted HTML using 'dangerouslySetInnerHTML'. The 'onerror' attribute can be used to execute JavaScript in the renderer, which can then call bridge APIs to create MCP servers.
Remediation
Users can upgrade to 5ire version 0.15.3 or later, where this vulnerability has been fixed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.