LibreChat versions before 0.8.4-rc1 use the marked library v15.0.12 for markdown rendering. The vulnerability occurs because the marked library's default renderer does not HTML-escape double-quote characters in image alt text when a custom renderer falls back to it. LibreChat's generateMarkdownHtml function installs a custom image renderer that returns false for URLs passing the isSafeUrl allowlist, causing fallback to the vulnerable default renderer. An attacker can craft alt text containing a double-quote and an event handler (e.g., " onload="payload) to break out of the alt attribute and inject malicious JavaScript. This malicious HTML is then assigned to innerHTML inside a Sandpack preview iframe, enabling script execution in the victim's browser context. The vulnerability is resolved in LibreChat 0.8.4-rc1.

Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the victim's browser when viewing the markdown preview in LibreChat. This can lead to information disclosure or other client-side impacts. The CVSS 3.1 base score is 5.4 (medium severity), reflecting network attack vector, low attack complexity, required privileges and user interaction, and partial confidentiality and integrity impact without availability impact.

This vulnerability is fixed in LibreChat version 0.8.4-rc1. Users should upgrade to version 0.8.4-rc1 or later to remediate this issue. No official patch or workaround is indicated beyond upgrading. Patch status is not explicitly stated beyond the fix in 0.8.4-rc1, so users should verify with the vendor for the latest remediation guidance.