Lucene search
K

10 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 9:3 p.m.7 views

Security Bulletin: IBM Storage Ceph is vulnerable to Inefficient Regular Expression Complexity in Grafana (CVE-2024-45801)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-45801 Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML,...

7.3CVSS5.2AI score0.00844EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.24 views

Security Bulletin: IBM Security SOAR is vulnerable to client-side vulnerability (CVE-2024-45801)

Summary IBM Security SOAR was using a UI component which contained a vulnerability that could lead to a client-side arbitrary code execution CVE-2024-45801. The vulnerable component has been removed from the UI. Please upgrade to IBM Security SOAR version 51.0.4.0 or later. Vulnerability Details...

7.3CVSS7.8AI score0.00844EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/22 12:53 p.m.24 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by DOMPurify vulnerability (CVE-2024-45801)

Summary IBM Sterling Connect:Direct Web Services uses DOMPurify could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in depth check. Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify could allow a remote attacker to execute...

7.3CVSS7.7AI score0.00844EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/11 5:27 p.m.298 views

DOMpurify has a nesting-based mXSS

DOMpurify was vulnerable to nesting-based mXSS fixed by 0ef5e537 2.x and merge 943 Backporter should be aware of GHSA-mmhx-hmjr-r674 CVE-2024-45801 when cherry-picking POC is avaible under test...

10CVSS6.6AI score0.01093EPSS
Exploits2References8Affected Software1
vulnersOsv
vulnersOsv
added 2024/09/16 8:34 p.m.10 views

@3t-transform/threeteeui (>=1.5.1 <=1.10.0), @accelbyte/sdk-legal (>=0.0.0-dev-20240828032938 <=6.0.2) +291 more potentially affected by CVE-2024-45801 via dompurify (>=3.0.0 <=3.1.2)

dompurify NPM version =3.0.0, =1.5.1, =0.0.0-dev-20240828032938, =0.2.8-experimental.0, =1.2.0, =6.4.10, =5.1.1, =1.0.22, =1.0.12, =1.0.0, =1.0.22, =1.0.25, =0.0.1, =0.0.0-nightly-2022042277, =0.9.4-next.2 and more Source cves: CVE-2024-45801 Source advisory: OSV:GHSA-MMHX-HMJR-R674...

7.3CVSS7.1AI score0.00844EPSS
Exploits0
Wolfi
Wolfi
added 2024/09/16 7:16 p.m.15 views

CVE-2024-45801 vulnerabilities

Vulnerabilities for packages: argo-workflows...

7.3CVSS7.2AI score0.00844EPSS
Exploits0
Chainguard
Chainguard
added 2024/09/16 7:16 p.m.14 views

CVE-2024-45801 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards-fips, argo-workflows, opensearch-dashboards...

7.3CVSS7AI score0.00844EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2024/09/16 7:16 p.m.3 views

CVE-2024-45801

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

7.3CVSS6.8AI score0.00844EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/09/16 6:25 p.m.24 views

CVE-2024-45801 Tampering by prototype polution in DOMPurify

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

7.3CVSS5.3AI score0.00844EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/09/16 6:25 p.m.30 views

CVE-2024-45801 Tampering by prototype polution in DOMPurify

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

7.3CVSS0.00844EPSS
Exploits0References3
Rows per page
Query Builder