116 matches found
PT-2023-31364 · Growi · Growi
Name of the Vulnerable Software and Affected Versions: GROWI versions prior to v6.0.0 Description: A stored cross-site scripting issue exists when processing MathJax. This could allow an arbitrary script to be executed on the user's web browser if the vulnerability is exploited. Recommendations:...
Weseek GROWI Security Vulnerability
Weseek GROWI is a team collaboration software package from Weseek Japan. A security vulnerability exists in Weseek GROWI versions prior to 6.0.0, which stems from a stored cross-site scripting XSS vulnerability when processing MathJax...
Multiple vulnerabilities in GROWI
Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature CWE-79 - CVE-2023-42436 Stored cross-site scripting vulnerability in the App Settings /admin/app page and the Markdown Settings...
Regular Expression Denial Of Service (ReDoS)
mathjax is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability exists due to inefficient regular expression complexity in the components and markdown patterns, which allows an attacker to slow down the application if they can control the input to the MathJax.Message.Set or...
SUSE CVE-2023-39663
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service ReDoS vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...
MathJax Regular expression Denial of Service (ReDoS)
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service ReDoS vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...
@4qwerty7/mathjax-node-page (>=3.2.0 <=3.2.1), @4qwerty7/syzoj-renderer (>=1.0.7 <=1.2.1) +140 more potentially affected by CVE-2023-39663 via mathjax (>=2.6.1 <=2.7.9)
mathjax NPM version =2.6.1, =3.2.0, =1.0.7, =1.0.0, =1.0.0, =2.0.0, =1.0.36, =1.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =0.4.0, =0.1.1, =0.1.8 and more Source cves: CVE-2023-39663 Source advisory: OSV:GHSA-V638-Q856-GRG8...
GHSA-V638-Q856-GRG8 MathJax Regular expression Denial of Service (ReDoS)
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service ReDoS vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...
CVE-2023-39663
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service ReDoS vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...
CVE-2023-39663
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service ReDoS vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...
CVE-2023-39663
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service ReDoS vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...
UBUNTU-CVE-2023-39663
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service ReDoS vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...
Input validation
DISPUTED Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service ReDoS vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...
CVE-2023-39663
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service ReDoS vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...
CVE-2023-39663
CVE-2023-39663 affects MathJax up to v2.7.9. The issue is two Regular Expression Denial of Service (ReDoS) flaws in MathJax.js triggered via the components pattern and markdownPattern. The vendor disputes the risk on the basis that the regexes aren’t applied to user input. Documented impact from ...
CVE-2023-39663
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service ReDoS vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...
MathJax 安全漏洞
MathJax is an open source JavaScript display engine for LaTeX, MathML and AsciiMath representations for all modern browsers. A security vulnerability exists in MathJax version v2.7.9 and earlier. An attacker could exploit this vulnerability to conduct a regular expression denial of service attack...
CVE-2023-39663
Removed by vendor...
CVE-2023-39663
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service ReDoS vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...
PT-2023-27062 · Mathjax · Mathjax
Name of the Vulnerable Software and Affected Versions: Mathjax versions up to v2.7.9 Description: The issue concerns two Regular expression Denial of Service ReDoS vulnerabilities in MathJax.js via the components pattern and markdownPattern. However, the vendor disputes this, stating that the...