11 matches found
EUVD-2019-8950
Malware in sbrugna...
[SECURITY] Fedora 42 Update: python-asteval-1.0.6-1.fc42
ASTEVAL is a safeish evaluator of Python expressions and statements, using Python's ast module. The idea is to provide a simple, safe, and robust miniature mathematical language that can handle user-input. The emphasis here is on mathematical expressions, and so many functions from numpy are...
Linux Distros Unpatched Vulnerability : CVE-2024-28245
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using...
CVE-2025-23207 \htmlData does not validate attribute names in KaTeX
KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade t...
CVE-2024-28245
CVE-2024-28245 affects KaTeX, a JavaScript library for TeX rendering. The issue arises when rendering untrusted inputs via the \includegraphics pathway, potentially enabling arbitrary JavaScript execution or invalid HTML due to insufficient escaping. The root cause described in the linked advisor...
CVE-2024-28245 KaTeX's \includegraphics does not escape filename
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \includegraphics that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability...
CVE-2024-28244
KaTeX, a JavaScript library for web TeX rendering, has a vulnerability where Unicode subscript/superscript characters create separate Parser instances that do not inherit the parent macro-execution limit, bypassing maxExpand and allowing near-infinite loops. This affects inputs rendering untruste...
CVE-2024-28243 KaTeX's maxExpand bypassed by \edef
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where...
CVE-2024-28243
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where...
CVE-2019-15722
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources...
CVE-2019-15722
Removed by vendor...
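The KaTeX entries above (CVE-2024-28245 for \includegraphics, CVE-2025-23207 for \htmlData, CVE-2024-28243/28244 for the maxExpand bypasses) and the GitLab client-exhaustion entry all come down to one question: what options does a site pass to the renderer when the TeX is attacker-controlled? The block below is an added example, not code from KaTeX, from any of the advisories listed, or from GitLab. It assumes the documented shape of the KaTeX `trust` callback (called with a context object carrying `command`, plus `url` and `protocol` for URL-taking commands, with `"_relative"` for scheme-less URLs, and an `attributes` object for \htmlData) and the documented `maxExpand`/`maxSize` options; those field names are taken from the KaTeX options documentation, not from this page. The image host allowlist and the size cap are constructed placeholders, and the renderer is injected so the block runs without the katex package.

```javascript
// Added example: a hardened KaTeX configuration for untrusted input.
// Not KaTeX's own code. Field names on the trust context (command, url,
// protocol, attributes) are assumed from the KaTeX options docs.

const MAX_INPUT_CHARS = 4000;                       // chosen cap, not a KaTeX default
const IMAGE_PROTOCOLS = new Set(["https", "_relative"]);
const IMAGE_HOSTS = new Set(["cdn.example.org"]);   // constructed allowlist
// KaTeX is assumed to prefix data attribute names with "data-"; accept either form
// but refuse anything outside [a-z0-9-], which keeps spaces, quotes and '=' out of
// the attribute name (the CVE-2025-23207 problem was unvalidated attribute names).
const DATA_ATTR_NAME = /^(?:data-)?[a-z][a-z0-9-]*$/;
const DATA_ATTR_VALUE = /^[A-Za-z0-9 _.:\/-]*$/;

function hostOf(url) {
  try { return new URL(url).hostname; } catch (e) { return null; }
}

// Per-command decision; every command not listed here is refused, so \href,
// \url, \htmlClass, \htmlId and \htmlStyle stay blocked.
function trustPolicy(ctx) {
  switch (ctx.command) {
    case "\\includegraphics": {
      if (!IMAGE_PROTOCOLS.has(ctx.protocol)) return false; // javascript:, data:, http:, ...
      if (ctx.protocol === "_relative") {
        // Scheme-less URLs are reported as relative, and "//host/x" is still
        // cross-origin, so keep only same-origin absolute paths without delimiters.
        return /^\/(?!\/)/.test(ctx.url) && !/[\s<>"'`]/.test(ctx.url);
      }
      return IMAGE_HOSTS.has(hostOf(ctx.url));
    }
    case "\\htmlData": {
      const attrs = ctx.attributes || {};
      const names = Object.keys(attrs);
      return names.length > 0 && names.every(
        (k) => DATA_ATTR_NAME.test(k) && DATA_ATTR_VALUE.test(String(attrs[k])));
    }
    default:
      return false;
  }
}

// Options for rendering text an attacker may control.
function untrustedRenderOptions() {
  return {
    throwOnError: false,   // render the error in place instead of raising
    trust: trustPolicy,    // per-command allowlist instead of trust: true
    maxExpand: 1000,       // macro expansion cap; only effective on v0.16.10 and later
    maxSize: 10,           // cap on user-specified sizes, in em
  };
}

// `render` is katex.renderToString in production (or a stub in tests).
// Returns null for oversized input so the caller can drop it before parsing.
function renderUntrusted(input, render) {
  if (typeof input !== "string" || input.length > MAX_INPUT_CHARS) return null;
  return render(input, untrustedRenderOptions());
}

// Stand-alone demonstration with a fake renderer.
if (typeof require !== "undefined" && require.main === module) {
  const fake = (tex, opts) => `rendered(${tex.length} chars, trust=${typeof opts.trust})`;
  console.log(renderUntrusted("\\frac{1}{2}", fake));
  console.log(trustPolicy({ command: "\\includegraphics",
                            url: "javascript:alert(1)", protocol: "javascript" }));
}
```

Two caveats follow from the entries above. `maxExpand` is only a defense on a version that honours it: CVE-2024-28243 and CVE-2024-28244 describe inputs that bypass it before v0.16.10, so the option is no substitute for the upgrade, and the same holds for the \htmlData attribute check, whose fixed release number the CVE-2025-23207 snippet truncates. Because the parser is synchronous, a site that renders math from strangers should also run it off the main thread (a worker with a time budget) so that an expansion loop of the kind the GitLab entry describes degrades one request rather than the page.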