CVE-2023-41049

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 1, 2023

Updated: Sep 6, 2023

CWE ID 79

Summary

CVE-2023-41049 is a vulnerability affecting the open-source npm library '@dcl/single-sign-on-client', which deals with single sign-on authentication flows. The issue lies in the 'init' function, where improper input validation allows for the execution of arbitrary JavaScript code using the `javascript:` prefix. This vulnerability has been addressed in version 0.1.0 and users are strongly encouraged to upgrade. Those unable to do so should restrict untrusted user input to the 'init' function to mitigate potential risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Decentraland Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sbM_SP
https://www.cve.org/CVERecord?id=CVE-2023-41049
https://nvd.nist.gov/vuln/detail/CVE-2023-41049

Back to Vulnerability Database

CVE-2023-41049

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations