503 matches found
dompurify: nesting-based mutation XSS vulnerability
A flaw was found in DOMPurify that could allow for a nesting-based mXSS to not be properly sanitized...
Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156 dompurify:...
RLSA-2024:8678 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 For more details about the security issues, includi...
grafana security update
An update is available for grafana. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Grafana is an open source, feature rich metrics dashboard and graph editor fo...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
RockyLinux 9 : grafana (RLSA-2024:8678)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:8678 advisory. golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 Tenable has extracted the precedi...
The vulnerability of the JavaScript library for secure cleaning and protection of HTML code, DOMPurify, is related to uncontrolled changes to object prototype attributes. This allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the JavaScript library for secure cleaning and protection of HTML code, DOMPurify, is related to uncontrolled changes to object prototype attributes. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and integrity of the protected...
XSS (Cross Site Scripting) DOMPurify Dependency in Jira Core Data Center and Server
Please see our updated fixed version guidance for this CVE, as the fix issued in our November 2024 Security Bulletin was incomplete. This vulnerability has now been mitigated in Jira Software and the correct fixed versions have been added to this ticket. We apologize for any inconvenience our...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.20 bug fix and security update
Red Hat OpenShift Container Platform release 4.16.20 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
AlmaLinux 9 : grafana (ALSA-2024:8678)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:8678 advisory. golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 Tenable has extracted the precedin...
CVE-2024-48910
A prototype pollution vulnerability was found in DOMPurify. This flaw allows a remote attacker to add or modify attributes of an object prototype. This issue can lead to the injection of malicious attributes used in other components or cause a crash by overriding existing attributes with ones of...
CVE-2024-48910
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2...
DEBIAN-CVE-2024-48910
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2...
UBUNTU-CVE-2024-48910
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2...
GHSA-P3VF-V8QC-CWCR DOMPurify vulnerable to tampering by prototype pollution
dompurify was vulnerable to prototype pollution Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc...
DOMPurify vulnerable to tampering by prototype pollution
dompurify was vulnerable to prototype pollution Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc...
@0xgg/echomd (>=1.0.0 <=1.0.4), @5lions/library-registry-admin (=0.0.0) +1143 more potentially affected by CVE-2024-48910 via dompurify (>=0.6.6 <=2.4.1)
dompurify NPM version =0.6.6, =1.0.0, =0.2.0-beta.9, =0.2.0-beta.13, =3.0.0, =2.2.0, =6.4.3, =0.0.2, =1.0.1, =0.6.0, =0.1.0, =1.0.0, =0.1.0, =0.9.0 and more Source cves: CVE-2024-48910 Source advisory: OSV:GHSA-P3VF-V8QC-CWCR...
CVE-2024-48910 DOMPurify vulnerable to tampering by prototype pollution
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2...
CVE-2024-48910
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2...
CVE-2024-48910 DOMPurify vulnerable to tampering by prototype pollution
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2...