Lucene search
K

126 matches found

OSV
OSV
added 2024/03/25 8:15 p.m.3 views

DEBIAN-CVE-2024-28245

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \includegraphics that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability...

6.1CVSS6.6AI score0.00406EPSS
Exploits0References1
OSV
OSV
added 2024/03/25 8:15 p.m.4 views

DEBIAN-CVE-2024-28244

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \def or \newcommand that causes a near-infinite loop, despite setting maxExpand to avoid such loops. KaTeX supports an option named...

6.5CVSS6.4AI score0.02155EPSS
Exploits0References1
OSV
OSV
added 2024/03/25 8:15 p.m.2 views

DEBIAN-CVE-2024-28246

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...

5.4CVSS5.5AI score0.00406EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/03/25 8:15 p.m.2 views

CVE-2024-28243

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where...

6.5CVSS5.5AI score0.01414EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/03/25 8:15 p.m.17 views

CVE-2024-28243

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where...

6.5CVSS6.3AI score0.01414EPSS
Exploits0References3
OSV
OSV
added 2024/03/25 8:15 p.m.2 views

DEBIAN-CVE-2024-28243

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where...

6.5CVSS6.4AI score0.01414EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/03/25 8:15 p.m.15 views

CVE-2024-28245

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \includegraphics that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability...

6.3CVSS6.7AI score0.00406EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2024/03/25 8:15 p.m.23 views

CVE-2024-28244

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \def or \newcommand that causes a near-infinite loop, despite setting maxExpand to avoid such loops. KaTeX supports an option named...

6.5CVSS6.5AI score0.02155EPSS
Exploits0References4
OSV
OSV
added 2024/03/25 8:15 p.m.1 views

UBUNTU-CVE-2024-28246

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...

5.5CVSS6.1AI score0.00406EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/03/25 8:15 p.m.26 views

CVE-2024-28243

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where...

6.5CVSS6.6AI score0.01414EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2024/03/25 8:15 p.m.15 views

CVE-2024-28246

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...

5.5CVSS6.1AI score0.00406EPSS
Exploits0References5
OSV
OSV
added 2024/03/25 8:15 p.m.1 views

UBUNTU-CVE-2024-28245

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \includegraphics that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability...

6.3CVSS6.7AI score0.00406EPSS
Exploits0References6
OSV
OSV
added 2024/03/25 8:15 p.m.1 views

UBUNTU-CVE-2024-28243

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where...

6.5CVSS6.5AI score0.01414EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/03/25 8:0 p.m.36 views

CVE-2024-28246 KaTeX is missing normalization of the protocol in URLs allows bypassing forbidden protocols

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...

5.5CVSS5.8AI score0.00406EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/25 8:0 p.m.19 views

CVE-2024-28246 KaTeX is missing normalization of the protocol in URLs allows bypassing forbidden protocols

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...

5.5CVSS7.2AI score0.00406EPSS
Exploits0References2
CVE
CVE
added 2024/03/25 8:0 p.m.92 views

CVE-2024-28246

KaTeX vulnerability CVE-2024-28246 arises from missing normalization of URL protocols, allowing uppercase variants to bypass a trust check and generate javascript: links in output. Affected: KaTeX JavaScript library; root cause: protocol case handling in trust function; impact: potential executio...

5.5CVSS5.4AI score0.00406EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2024/03/25 8:0 p.m.22 views

CVE-2024-28246

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...

5.5CVSS5.4AI score0.00406EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/03/25 7:53 p.m.12 views

CVE-2024-28245 KaTeX's \includegraphics does not escape filename

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \includegraphics that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability...

6.3CVSS6.3AI score0.00406EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/25 7:53 p.m.18 views

CVE-2024-28245 KaTeX's \includegraphics does not escape filename

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \includegraphics that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability...

6.3CVSS6.5AI score0.00406EPSS
Exploits0References2
CVE
CVE
added 2024/03/25 7:53 p.m.73 views

CVE-2024-28245

CVE-2024-28245 affects KaTeX, a JavaScript library for TeX rendering. The issue arises when rendering untrusted inputs via the \includegraphics pathway, potentially enabling arbitrary JavaScript execution or invalid HTML due to insufficient escaping. The root cause described in the linked advisor...

6.3CVSS6.2AI score0.00406EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder