10 matches found
Security Bulletin: IBM Storage Ceph is vulnerable to Inefficient Regular Expression Complexity in Grafana (CVE-2024-45801)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-45801 Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML,...
Security Bulletin: IBM Security SOAR is vulnerable to client-side vulnerability (CVE-2024-45801)
Summary IBM Security SOAR was using a UI component which contained a vulnerability that could lead to a client-side arbitrary code execution CVE-2024-45801. The vulnerable component has been removed from the UI. Please upgrade to IBM Security SOAR version 51.0.4.0 or later. Vulnerability Details...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by DOMPurify vulnerability (CVE-2024-45801)
Summary IBM Sterling Connect:Direct Web Services uses DOMPurify could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in depth check. Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify could allow a remote attacker to execute...
DOMpurify has a nesting-based mXSS
DOMpurify was vulnerable to nesting-based mXSS fixed by 0ef5e537 2.x and merge 943 Backporter should be aware of GHSA-mmhx-hmjr-r674 CVE-2024-45801 when cherry-picking POC is avaible under test...
@3t-transform/threeteeui (>=1.5.1 <=1.10.0), @accelbyte/sdk-legal (>=0.0.0-dev-20240828032938 <=6.0.2) +291 more potentially affected by CVE-2024-45801 via dompurify (>=3.0.0 <=3.1.2)
dompurify NPM version =3.0.0, =1.5.1, =0.0.0-dev-20240828032938, =0.2.8-experimental.0, =1.2.0, =6.4.10, =5.1.1, =1.0.22, =1.0.12, =1.0.0, =1.0.22, =1.0.25, =0.0.1, =0.0.0-nightly-2022042277, =0.9.4-next.2 and more Source cves: CVE-2024-45801 Source advisory: OSV:GHSA-MMHX-HMJR-R674...
CVE-2024-45801 vulnerabilities
Vulnerabilities for packages: argo-workflows...
CVE-2024-45801 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, argo-workflows, opensearch-dashboards...
CVE-2024-45801
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...
CVE-2024-45801 Tampering by prototype polution in DOMPurify
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...
CVE-2024-45801 Tampering by prototype polution in DOMPurify
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...