Submit #738312: rethinkdb V2.4.3(latest) cross-site scripting(XSS) info

Title: rethinkdb V2.4.3(latest) cross-site scripting(XSS)
Description:
Vulnerability Title: There is a cross-site scripting(XSS) vulnerability in the rethinkdb database
Affected Versions: V2.4.3(latest)
Discovery Time: 2026-01-14
Discoverer: 59LAB([email protected])

Analysis Report:
installed: download from https://rethinkdb.com/docs/install/
.\rethinkdb.exe --bind all

POC
http://ip:8080/#tables/xxxxxx
Tables->Create a new secondary index->delete

POC: <iframe src="data:text/html,"></iframe>

The payload will not be triggered after successful creation. After clicking the delete button three times in a row, you can see that the JavaScript code is executed successfully.

Patch Solution:
To remediate this vulnerability, it is recommended to apply a defense-in-depth approach combining proper output encoding and stricter security policy enforcement:

Strict Output Encoding
All data returned from SQL query results and rendered in the web interface should be properly HTML-encoded according to its output context. Special characters such as <, >, ", and ' must be safely escaped to prevent user-controlled input from being interpreted as HTML markup.

Restrict Dangerous URI Schemes
The application should explicitly block or sanitize dangerous URI schemes such as data:, javascript:, and blob: when rendering content inside HTML attributes or tags (e.g., iframe, img, object, embed). Allowlisting only trusted schemes like https: is strongly recommended.

Harden Content Security Policy (CSP)
The existing Content Security Policy should be strengthened to prevent script execution from non-trusted sources. In particular:
- Disallow data: URIs in frame-src, child-src, and script-src
- Avoid using 'unsafe-inline' and 'unsafe-eval'
- Enforce a strict default-src 'self' policy

Avoid Rendering Raw Query Results as HTML
SQL execution console output should be rendered as plain text rather than raw HTML whenever possible. If HTML rendering is required, a robust HTML sanitizer should be applied to remove executable elements such as <script>, <iframe>, , and event handler attributes.

By implementing the above measures, the risk of cross-site scripting (XSS), including CSP bypass techniques using data: URLs, can be effectively mitigated.
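An added example, not code from the submission or from the RethinkDB project: hypothetical JavaScript helpers (escapeHtml, renderIndexName, isAllowedUrl, auditCsp) for the output encoding, scheme allowlist and CSP measures recommended above. The index name and policies it runs on are constructed samples.

```javascript
// Added example: hypothetical helpers, not code from the RethinkDB web UI.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for an HTML body or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical renderer for an index name shown in the tables view.
function renderIndexName(name) {
  return '<span class="index-name">' + escapeHtml(name) + '</span>';
}

// True only for absolute https: URLs. The WHATWG URL parser lowercases the
// scheme, so "DATA:" is compared as "data:"; relative input is rejected.
function isAllowedUrl(raw) {
  try {
    return new URL(String(raw)).protocol === 'https:';
  } catch { return false; }
}

// CSP fallback order for the directives named in the remediation text.
const FALLBACKS = {
  'frame-src': ['frame-src', 'child-src', 'default-src'],
  'child-src': ['child-src', 'default-src'],
  'script-src': ['script-src', 'default-src'],
};

// List the weaknesses the remediation text names: data: sources, and
// 'unsafe-inline' / 'unsafe-eval' in the effective script policy.
function auditCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name && !directives.has(name)) directives.set(name, sources);
  }
  const findings = [];
  for (const [target, chain] of Object.entries(FALLBACKS)) {
    const used = chain.find((d) => directives.has(d));
    if (!used) { findings.push(target + ': unrestricted'); continue; }
    const banned = target === 'script-src' ? ['data:', "'unsafe-inline'", "'unsafe-eval'"] : ['data:'];
    findings.push(...banned.filter((b) => directives.get(used).includes(b)).map((b) => target + ': ' + b));
  }
  return findings;
}

// Constructed sample: an index name carrying iframe markup with a data: URL.
const sampleName = '<iframe src="data:text/html,example"></iframe>';
console.log(renderIndexName(sampleName), auditCsp("default-src 'self' data:"));
```

An empty findings list from auditCsp means only that the three checks listed in the remediation text passed; it is not a full CSP evaluation.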
Source: ⚠️ https://github.com/59lab/dbdb/blob/main/There%20is%20a%20cross-site%20scripting(XSS)%20vulnerability%20in%20the%20rethinkdb%20database.md
User: 59lab (UID 94191)
Submission: 2026-01-14 02:25 (5 months ago)
Moderation: 2026-01-28 11:08 (14 days later)
Status: Accepted
VulDB entry: 343191 [rethinkdb up to 2.4.3 Secondary Index cross-site scripting]
Points: 20
