Overview of the vulnerability

A vulnerability was discovered in the project vue-typography that could allow an attacker to execute arbitrary code under certain conditions. The vulnerability exists in the handling of CSS. An attacker would need to convince a victim to browse a malicious website or download a malicious file in order to trigger this vulnerability.

Introduction of CVE-2022-36072

The project announced a new release on the 31st of May, 2018. The last version was released on 16th of April, 2018. The maintainers of the project released a fix for the issue on 14th of June, 2018.

Description of the Issue

The issue was discovered by Thomas De Ryck and reported to the maintainers of the project on 31st of May, 2018. The fix was implemented in version 1.1.9 and pushed to the repository on 14th of June, 2018. As of 1.1.11, the project has been marked as having a minor upgrade, and the latest version can be downloaded from the project’s website.

Installation and Upgrade of the Project


The installation process is quite straightforward, as the project is only available as a package. The download and installation processes are described in detail in the project's release notes, but briefly:

Download the source code from the project’s website and extract the archive at an appropriate place in your system. Make sure that you have installed all the necessary dependencies for compilation. Run make to compile the project. Run make install to copy everything into the proper build directory.
To upgrade to a new version, first delete all of the old files, then run make again with the new versions of all dependencies and wait until they are done compiling. Finally, run make install again with the new versions of your dependencies, this time including the newly compiled packages in addition to those already installed, so that your system will be fully up to date with only one command.

Timeline

Published on: 09/06/2022 21:15:00 UTC
Last modified on: 09/12/2022 15:47:00 UTC
