Description

Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts which are executed within the context of the application. Users should upgrade to Trix editor version 2.1.1 or later, which incorporates proper sanitization of input from copied content.

INFO

Published Date :

2024-05-07T15:13:03.137Z

Last Modified :

2024-08-02T02:51:09.811Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-34341 vulnerability.

Vendors Products
Basecamp
  • Trix
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-34341.

URL Resource
https://github.com/basecamp/trix/commit/1a5c68a14d48421fc368e30026f4a7918028b7ad cve-icon cve-icon cve-icon
https://github.com/basecamp/trix/commit/841ff19b53f349915100bca8fcb488214ff93554 cve-icon cve-icon cve-icon
https://github.com/basecamp/trix/pull/1147 cve-icon cve-icon cve-icon
https://github.com/basecamp/trix/pull/1149 cve-icon cve-icon cve-icon
https://github.com/basecamp/trix/releases/tag/v2.1.1 cve-icon cve-icon cve-icon
https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact