Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added CVE-2024-21485 Template #11502

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Added CVE-2024-21485 Template #11502

wants to merge 5 commits into from
+72 −0

Conversation

eeche
Copy link
Contributor

@eeche eeche commented Jan 18, 2025

Template / PR Information

Template Validation

I've validated this template locally?

  • YES
  • NO

Additional Details (leave it blank if not applicable)

Dash framework versions before 2.15.0 are vulnerable to Cross-site Scripting (XSS)
via href attribute in anchor tags. This template tests for javascript:alert payload injection.

Additional References:

Sorry, something went wrong.

eeche and others added 2 commits January 18, 2025 10:55
@eeche
Added CVE-2024-21485 Template
Loading
Loading status checks…
37b32ae
@DhiyaneshGeek
fix-template
Loading
Loading status checks…
f108891
@DhiyaneshGeek DhiyaneshGeek self-assigned this Jan 20, 2025
@DhiyaneshGeek
Copy link
Member

Hi @eeche

Thanks for sharing the template with the community and contributing to the template project

i have made some minor changes to the template, let me know if it works well at your end

Thanks

@eeche
fix-template
Loading
Loading status checks…
96b845d
@eeche
Copy link
Contributor Author

eeche commented Jan 21, 2025

Hi @DhiyaneshGeek

Thanks for the update! The changes look good.

However, Dash does not use /update for POST requests by default.

I modified it to use the Dash callback route instead, and now everything works as expected.

Thanks

@DhiyaneshGeek
Copy link
Member

Hi @eeche

can you share a setup instructions to set-up a vulnerable environment and test this vulnerability ?

Looking forward to hear back from you

Thanks

@eeche
Copy link
Contributor Author

eeche commented Jan 21, 2025

Hi @DhiyaneshGeek

You can set up a vulnerable environment using the following Dash application code

Thanks

from dash import Dash, html, dcc, Input, Output

app = Dash(__name__)

# Layout containing a vulnerable link
app.layout = html.Div([
    html.H1("Vulnerable Dash Application"),
    
    # Text field for user input
    dcc.Input(
        id='link-input',
        type='text',
        placeholder='Enter a link'
    ),
    
    # Area to display the entered link
    html.Div(id='link-output'),
    
    # Simulated stored data
    html.Div([
        html.H3("Sensitive User Data"),
        html.P("Cookie: " + "sensitive_cookie_value"),
        html.P("Token: " + "user_access_token_123")
    ])
])

# Callback: Process the entered link
@app.callback(
    Output('link-output', 'children'),
    Input('link-input', 'value')
)
def update_link(value):
    if value is None:
        return ''
    # Vulnerable part: Using user input directly in href
    return html.A('Click here', href=value)

if __name__ == '__main__':
    app.run_server(debug=True)

@DhiyaneshGeek
update matcher
Loading
Loading status checks…
f129175
@DhiyaneshGeek
Update CVE-2024-21485.yaml
Loading
Loading status checks…
980d0a8
@DhiyaneshGeek DhiyaneshGeek added Done Ready to merge and removed waiting for more info labels Jan 21, 2025
@DhiyaneshGeek
Copy link
Member

Hi @eeche

Thanks for sharing the details 😄

@ritikchaddha ritikchaddha added Status: In Progress This issue is being worked on, and has someone assigned. and removed Done Ready to merge labels Jan 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ritikchaddha ritikchaddha

Assignees

@DhiyaneshGeek DhiyaneshGeek

Labels
Status: In Progress This issue is being worked on, and has someone assigned.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@eeche @DhiyaneshGeek @ritikchaddha