CVE-2022-41709 An attacker can execute arbitrary code on any client who views a malicious Markdown file.

NodeIntegration is a Symfony2 component that allows an application to use Node.js modules. When enabled, it exposes the Apache HttpClient library to the application, allowing any client to send an HTTP request to any server. By adding "nodeIntegration" to the app.yml of the application, an attacker can send a request to any server with NodeIntegration enabled. This means that any client attempting to view a malicious markdown file through Markdownify will be vulnerable to remote code execution. - CVE-2018-9520

Summary

NodeIntegration is a Symfony2 component that allows an application to use Node.js modules. When enabled, it exposes the Apache HttpClient library to the application, allowing any client to send an HTTP request to any server. By adding "nodeIntegration" to the app.yml of your application, an attacker can send a request to any server with NodeIntegration enabled. This means that any client attempting to view a malicious markdown file through Markdownify will be vulnerable to remote code execution.

Dependencies

NodeIntegration depends on the Apache HttpClient library. This is not generally considered a security risk, but it can be exploited as such.
The Apache HttpClient library has been known to execute code remotely when an attacker sends an HTTP request with malicious data. The NodeIntegration component includes the ability to load an arbitrary module and execute any code that comes in it by default. This means that if the malicious markdown file comes from an external source, then both NodeIntegration and Markdownify are vulnerable to remote code execution.

Abstract

In this article, the author explains how a Symfony2 component made it possible for an attacker to send requests with NodeIntegration enabled.

NodeIntegration is a Symfony2 component that allows an application to use Node.js modules. When enabled, it exposes the Apache HttpClient library to the application, allowing any client to send an HTTP request to any server. By adding "nodeIntegration" to the app.yml of the application, an attacker can send a request to any server with NodeIntegration enabled. This means that any client attempting to view a malicious markdown file through Markdownify will be vulnerable to remote code execution. - CVE-2018-9520

Installing NodeIntegration

Install NodeIntegration dependencies: composer require symfony/http-client dev-master -vv
Add "nodeIntegration" to the app.yml configuration file: http://symfony-project.com/doc/current/app.html#configuration
Check out the Symfony 2 Security Checklist to make sure you haven't missed anything from the installation process

Timeline

Published on: 10/19/2022 17:15:00 UTC
Last modified on: 10/20/2022 20:19:00 UTC

References

• https://github.com/amitmerchant1990/electron-markdownify
• https://fluidattacks.com/advisories/adams/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41709