503 matches found
CVE-2024-48910 DOMPurify vulnerable to tampering by prototype pollution
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2...
CVE-2024-48910
CVE-2024-48910 affects DOMPurify, a DOM-only XSS sanitizer. The vulnerability is a prototype pollution issue in DOMPurify that could enable remote code execution or similar impact as described in multiple sources. The fixed versions cited in the initial document include 2.4.2 for the DOMPurify is...
DOMPurify security vulnerability
DOMPurify is a DOM Document Object Model for HTML, MathML and SVG written in JavaScript by Cure53 Personal Developer. A security vulnerability exists in DOMPurify versions prior to 2.4.2, which stems from susceptibility to prototype contamination...
dompurify: nesting-based mutation XSS vulnerability
A flaw was found in DOMPurify that could allow for a nesting-based mXSS to not be properly sanitized...
Important: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 For more details about the security issues, includi...
ALSA-2024:8678 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 For more details about the security issues, includi...
Prototype Pollution
Mermaid is vulnerable to prototype pollution. The vulnerability is due to prototype pollution in its bundled version of DOMPurify, which allows attackers to manipulate object properties in JavaScript, potentially causing unintended behavior in applications...
RLSA-2024:8327 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 For more details about the security issues, includi...
grafana security update
An update is available for grafana. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Grafana is an open source, feature rich metrics dashboard and graph editor fo...
RockyLinux 8 : grafana (RLSA-2024:8327)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:8327 advisory. golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 Tenable has extracted the precedi...
AlmaLinux 8 : grafana (ALSA-2024:8327)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:8327 advisory. golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 Tenable has extracted the precedin...
Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify
The following bundled files within the Mermaid NPM package contain a bundled version of DOMPurify that is vulnerable to https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674, potentially resulting in an XSS attack. This affects the built: - dist/mermaid.min.js -...
GHSA-M4GQ-X24J-JPMF Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify
The following bundled files within the Mermaid NPM package contain a bundled version of DOMPurify that is vulnerable to https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674, potentially resulting in an XSS attack. This affects the built: - dist/mermaid.min.js -...
Important: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
dompurify: nesting-based mutation XSS vulnerability
A flaw was found in DOMPurify that could allow for a nesting-based mXSS to not be properly sanitized...
PT-2024-40360 · Npm +1 · Mermaid +1
Name of the Vulnerable Software and Affected Versions: Mermaid versions prior to the version containing the fix for the DOMPurify vulnerability Description: The Mermaid NPM package contains a vulnerable version of DOMPurify, potentially resulting in an XSS attack. This issue affects users who use...
RHEL 8 : grafana (RHSA-2024:8327)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8327 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips:...
Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 For more details about the security issues, includi...
The vulnerability of the JavaScript library for secure cleaning and protection of HTML code, DOMPurify, is related to the use of a regular expression with inefficient computational complexity, allowing attackers to execute XSS attacks.
The vulnerability of the JavaScript library for secure cleaning and protection of HTML code, DOMPurify, is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow an attacker who operates remotely to carry out XSS attacks...