2 matches found
CVE-2024-28246 KaTeX is missing normalization of the protocol in URLs allows bypassing forbidden protocols
KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...
GHSA-3WC5-FCW2-2329 KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols
Impact Code that uses KaTeX's trust option, specifically that provides a function to block-list certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate javascript: links in the...