You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \includegraphics that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.
CVE-2024-28245 - Medium Severity Vulnerability
Vulnerable Library - katex-0.11.1.tgz
Fast math typesetting for the web.
Library home page: https://registry.npmjs.org/katex/-/katex-0.11.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/katex/package.json
Dependency Hierarchy:
Found in HEAD commit: fb5f77da2e6a1abdc8035ddac751a729e7652710
Found in base branch: master
Vulnerability Details
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using
\includegraphics
that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.Publish Date: 2024-03-25
URL: CVE-2024-28245
CVSS 3 Score Details (6.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-f98w-7cxr-ff2h
Release Date: 2024-03-25
Fix Resolution: 0.16.10
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: