CVE-2025-27109 - Vulnerability Details - OpenCVE

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has been addressed in version 1.9.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://github.com/solidjs/solid/commit/b93956f28ed75469af6976a98728e313d0edd236
https://github.com/solidjs/solid/security/advisories/GHSA-3qxh-p7jc-5xh6

History

Mon, 24 Feb 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 21 Feb 2025 21:30:00 +0000

Type	Values Removed	Values Added
Description		solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has been addressed in version 1.9.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Title		Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js
Weaknesses		CWE-116 CWE-79
References		https://github.com/solidjs/solid/commit/b93956f28ed75469af6976a98728e313d0edd236 https://github.com/solidjs/solid/security/advisories/GHSA-3qxh-p7jc-5xh6
Metrics		cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2025-02-21T21:12:58.218Z

Updated: 2025-02-24T17:05:00.409Z

Reserved: 2025-02-18T16:44:48.766Z

Link: CVE-2025-27109

Vulnrichment

Updated: 2025-02-24T17:04:56.480Z

NVD

Status : Received

Published: 2025-02-21T22:15:14.303

Modified: 2025-02-24T17:15:14.850

Link: CVE-2025-27109

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27109", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-02-18T16:44:48.766Z", "datePublished": "2025-02-21T21:12:58.218Z", "dateUpdated": "2025-02-24T17:05:00.409Z"}, "containers": {"cna": {"title": "Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js", "problemTypes": [{"descriptions": [{"cweId": "CWE-116", "lang": "en", "description": "CWE-116: Improper Encoding or Escaping of Output", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/solidjs/solid/security/advisories/GHSA-3qxh-p7jc-5xh6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/solidjs/solid/security/advisories/GHSA-3qxh-p7jc-5xh6"}, {"name": "https://github.com/solidjs/solid/commit/b93956f28ed75469af6976a98728e313d0edd236", "tags": ["x_refsource_MISC"], "url": "https://github.com/solidjs/solid/commit/b93956f28ed75469af6976a98728e313d0edd236"}], "affected": [{"vendor": "solidjs", "product": "solid", "versions": [{"version": "< 1.9.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-02-21T21:12:58.218Z"}, "descriptions": [{"lang": "en", "value": "solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has been addressed in version 1.9.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-3qxh-p7jc-5xh6", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/solidjs/solid/security/advisories/GHSA-3qxh-p7jc-5xh6", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-24T17:04:46.604783Z", "id": "CVE-2025-27109", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-24T17:05:00.409Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27109", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-24T17:04:46.604783Z"}}}], "references": [{"url": "https://github.com/solidjs/solid/security/advisories/GHSA-3qxh-p7jc-5xh6", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-24T17:04:56.480Z"}}], "cna": {"title": "Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js", "source": {"advisory": "GHSA-3qxh-p7jc-5xh6", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "solidjs", "product": "solid", "versions": [{"status": "affected", "version": "< 1.9.4"}]}], "references": [{"url": "https://github.com/solidjs/solid/security/advisories/GHSA-3qxh-p7jc-5xh6", "name": "https://github.com/solidjs/solid/security/advisories/GHSA-3qxh-p7jc-5xh6", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/solidjs/solid/commit/b93956f28ed75469af6976a98728e313d0edd236", "name": "https://github.com/solidjs/solid/commit/b93956f28ed75469af6976a98728e313d0edd236", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has been addressed in version 1.9.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-116", "description": "CWE-116: Improper Encoding or Escaping of Output"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-02-21T21:12:58.218Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27109", "state": "PUBLISHED", "dateUpdated": "2025-02-24T17:05:00.409Z", "dateReserved": "2025-02-18T16:44:48.766Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-02-21T21:12:58.218Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has been addressed in version 1.9.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "solid-js es una librer\u00eda declarativa, eficiente y flexible de JavaScript para crear interfaces de usuario. En las versiones afectadas, las inserciones y expresiones JSX dentro de fragmentos JSX en l\u00ednea ilegales carec\u00edan de capacidad de escape, lo que permit\u00eda que la entrada del usuario se representara como HTML cuando se colocaba directamente dentro de fragmentos JSX. Este problema se ha solucionado en la versi\u00f3n 1.9.4 y se recomienda a todos los usuarios que actualicen. No existen workarounds conocidos para esta vulnerabilidad."}], "id": "CVE-2025-27109", "lastModified": "2025-02-24T17:15:14.850", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-02-21T22:15:14.303", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/solidjs/solid/commit/b93956f28ed75469af6976a98728e313d0edd236"}, {"source": "security-advisories@github.com", "url": "https://github.com/solidjs/solid/security/advisories/GHSA-3qxh-p7jc-5xh6"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/solidjs/solid/security/advisories/GHSA-3qxh-p7jc-5xh6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-116"}], "source": "security-advisories@github.com", "type": "Secondary"}]}