Miggo Logo

CVE-2017-1000043:
Content Injection via TileJSON Name in mapbox.js

6.1

CVSS Score
3.1

Basic Information

EPSS Score
0.38017%
Published
11/9/2018
Updated
3/27/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
mapbox.jsnpm< 1.6.61.6.6
mapbox.jsnpm>= 2.0.0, < 2.2.42.2.4
mapbox-railsrubygems>= 1.0.0, < 1.6.61.6.6
mapbox-railsrubygems>= 2.0.0, < 2.2.42.2.4

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability manifests in share control UI generation where TileJSON 'name' values are inserted into DOM without proper escaping. The primary vulnerable functions are in the ShareControl prototype responsible for rendering UI elements. L.mapbox.map is included as the entry point that initiates the vulnerable chain when using untrusted input. These functions would appear in stack traces when processing malicious TileJSON data and generating share controls.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

V*rsions *.x prior to *.*.* *n* *.x prior to *.*.* o* `m*p*ox.js` *r* vuln*r**l* to * *ross-sit*-s*riptin* *tt**k in **rt*in un*ommon us*** s**n*rios. I* `L.m*p*ox.m*p` or `L.m*p*ox.s**r**ontrol` *r* us** in * m*nn*r t**t *iv*s us*rs *ontrol o* t**

Reasoning

T** vuln*r**ility m*ni**sts in s**r* *ontrol UI **n*r*tion w**r* Til*JSON 'n*m*' v*lu*s *r* ins*rt** into *OM wit*out prop*r *s**pin*. T** prim*ry vuln*r**l* *un*tions *r* in t** S**r**ontrol prototyp* r*sponsi*l* *or r*n**rin* UI *l*m*nts. L.m*p*ox.