dompurify: nesting-based mutation XSS vulnerability

A flaw was found in DOMPurify that could allow for a nesting-based mXSS to not be properly sanitized...

dompurify: nesting-based mutation XSS vulnerability

A flaw was found in DOMPurify that could allow for a nesting-based mXSS to not be properly sanitized...

SUSE CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

GHSA-GX9M-WHJM-85JF DOMpurify has a nesting-based mXSS

DOMpurify was vulnerable to nesting-based mXSS fixed by 0ef5e537 2.x and merge 943 Backporter should be aware of GHSA-mmhx-hmjr-r674 CVE-2024-45801 when cherry-picking POC is avaible under test...

DEBIAN-CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

UBUNTU-CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

CVE-2024-47875 DOMPurify nesting-based mXSS

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

protobuf: StackOverflow vulnerability in Protocol Buffers

A flaw was found in Protocol Buffers protobuf. This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion...

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

GHSA-MMHX-HMJR-R674 DOMPurify allows tampering by prototype pollution

It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid XSS attack. Fixed by...

DEBIAN-CVE-2024-45801

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

DOMPurify 安全漏洞

DOMPurify is a DOM Document Object Model for HTML, MathML and SVG written in JavaScript by Cure53 Personal Developer. A security vulnerability exists in DOMPurify versions prior to 2.5.4 and prior to 3.1.3, which stems from malicious HTML using a special nesting technique to bypass the depth...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-069)

The version of kernel installed on the remote host is prior to 5.10.224-212.876. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-069 advisory. 2024-12-05: CVE-2024-41042 was added to this advisory. 2024-09-26: CVE-2024-42302 was added to this...

DEBIAN-CVE-2024-34158

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

CVE-2024-43880

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM A-TCAM or in the ordinary circuit TCAM C-TCAM. The former can contain more ACLs i.e., tc filters, but the...

CVE-2024-43880

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM A-TCAM or in the ordinary circuit TCAM C-TCAM. The former can contain more ACLs i.e., tc filters, but the...

CVE-2024-43880 mlxsw: spectrum_acl_erp: Fix object nesting warning

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM A-TCAM or in the ordinary circuit TCAM C-TCAM. The former can contain more ACLs i.e., tc filters, but the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an object nesting warning issue in the mlxsw component when handling ACLs...

SUSE CVE-2024-43846

In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...