Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 For more details about the security issues, includi...

The vulnerability of the JavaScript library for secure cleaning and protection of HTML code, DOMPurify, is related to the use of a regular expression with inefficient computational complexity, allowing attackers to execute XSS attacks.

The vulnerability of the JavaScript library for secure cleaning and protection of HTML code, DOMPurify, is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow an attacker who operates remotely to carry out XSS attacks...

Debian: Security Advisory (DSA-5790-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 5790-1] node-dompurify security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5790-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 13, 2024 https://www.debian.org/security/faq -...

Debian dsa-5790 : node-dompurify - security update

The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5790 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5790-1 [email protected] https://www.debian.org/security/ Moritz...

DSA-5790-1 node-dompurify - security update

Bulletin has no description...

SUSE CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3. Mitigation Mitigation for this issue is either not available or the currently available options do not meet th...

@0xgg/echomd (>=1.0.0 <=1.0.4), @5lions/library-registry-admin (=0.0.0) +1337 more potentially affected by CVE-2024-47875 via dompurify (>=0.6.6 <=2.4.9)

dompurify NPM version =0.6.6, =1.0.0, =0.2.0-beta.9, =0.2.0-beta.13, =3.0.0, =2.2.0, =6.4.3, =0.0.2, =1.0.1, =0.6.0, =0.3.0, =0.1.0, =0.1.0-a0, =1.1.0 and more Source cves: CVE-2024-47875 Source advisory: OSV:GHSA-GX9M-WHJM-85JF...

@3t-transform/threeteeui (>=1.5.1 <=1.10.0), @accelbyte/sdk-legal (>=0.0.0-dev-20240828032938 <=6.0.2) +288 more potentially affected by CVE-2024-47875 via dompurify (>=3.0.0 <=3.1.2)

dompurify NPM version =3.0.0, =1.5.1, =0.0.0-dev-20240828032938, =0.2.8-experimental.0, =1.2.0, =6.4.10, =5.1.1, =1.0.22, =1.0.12, =1.0.0, =1.0.22, =1.0.25, =0.0.1, =0.0.0-nightly-2022042277, =0.9.4-next.2 and more Source cves: CVE-2024-47875 Source advisory: OSV:GHSA-GX9M-WHJM-85JF...

DOMpurify has a nesting-based mXSS

DOMpurify was vulnerable to nesting-based mXSS fixed by 0ef5e537 2.x and merge 943 Backporter should be aware of GHSA-mmhx-hmjr-r674 CVE-2024-45801 when cherry-picking POC is avaible under test...

GHSA-GX9M-WHJM-85JF DOMpurify has a nesting-based mXSS

DOMpurify was vulnerable to nesting-based mXSS fixed by 0ef5e537 2.x and merge 943 Backporter should be aware of GHSA-mmhx-hmjr-r674 CVE-2024-45801 when cherry-picking POC is avaible under test...

CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

DEBIAN-CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

UBUNTU-CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

CVE-2024-47875 DOMPurify nesting-based mXSS

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

CVE-2024-47875 DOMPurify nesting-based mXSS

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

CVE-2024-47875

CVE-2024-47875 affects DOMPurify and is a nesting-based mXSS vulnerability in DOMPurify’s HTML/MathML/SVG sanitization. The initial entry notes fixes in DOMPurify versions 2.5.0 and 3.1.3. Connected sources further confirm the issue is tracked across ecosystems (e.g., node-dompurify), with Debian...

CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

CVE-2024-47875 DOMPurify nesting-based mXSS

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...