5 matches found
EUVD-2024-0807
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-28246
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain...
CVE-2025-23207
CVE-2025-23207 affects KaTeX, a JavaScript library for web math rendering. The vulnerability arises when untrusted expressions are rendered via renderToString, where malicious input using \htmlData can execute arbitrary JavaScript or produce invalid HTML. The public advisories recommend upgrading...
CVE-2025-23207 \htmlData does not validate attribute names in KaTeX
KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade t...
DEBIAN-CVE-2024-28245
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \includegraphics that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability...