16 matches found
Security Bulletin: There is a vulnerability in prismjs-1.23.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2021-32723)
Summary: There is a vulnerability in prismjs-1.23.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2021-32723 DESCRIPTION: Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability [CVE-2024-53382]
Summary: IBM Security SOAR uses an older version of prismjs that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended customers upgrade to the latest applicable fix pack 51.0.6.0. Vulnerability Details: CVEID: CVE-2024-53382...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses prismjs-1.29.0.tgz which is vulnerable to CVE-2024-53382.
Summary: IBM Maximo Application Suite - Manage Component uses prismjs-1.29.0.tgz which is vulnerable to CVE-2024-53382. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details: CVEID: CVE-2024-53382 DESCRIPTION: Prism aka PrismJS through 1.29.0 allows DO...
CVE-2024-53382
A flaw was found in the prism-autoloader plugin of the Prism library. The prism-autoloader plugin uses document.currentScript as the base URL for dynamically loading other dependencies and, in certain circumstances, can be vulnerable to a DOM Clobbering attack. This issue could lead to Cross-site...
PrismJS DOM Clobbering vulnerability
Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
CVE-2024-53382
Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
Arbitrary Code Injection
Overview org.webjars.npm:prismjs is a lightweight, robust, elegant syntax highlighting library. Affected versions of this package are vulnerable to Arbitrary Code Injection via the document.currentScript lookup process. An attacker can manipulate the web page content and execute unintended action...
Arbitrary Code Injection
Overview org.webjars:prismjs is a lightweight, robust, elegant syntax highlighting library. Affected versions of this package are vulnerable to Arbitrary Code Injection via the document.currentScript lookup process. An attacker can manipulate the web page content and execute unintended actions by...
CVE-2024-53382
Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
CVE-2024-53382
Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
@21epub/resource-lib (>=1.0.0 <=1.0.3), @2fn/helpers (>=1.0.0 <=1.0.1) +2961 more potentially affected by CVE-2021-3801 via prismjs (>=0.0.1 <=1.24.1)
prismjs NPM version =0.0.1, =1.0.0, =1.0.0, =1.0.23, =1.0.1, =1.2.0, =1.0.0, =1.1.4, =1.16.0, =1.1.2, =0.5.19-20200320212412, =1.0.0-beta.10, =1.0.0-beta.14 - @adebawo-damilare/esm-reports-app =5.2.0 - @admin-bro/design-system =1.4.0 - @afzalh/aug07 =1.1.2 and more Source cves: CVE-2021-3801 Sour...
@21epub/resource-lib (>=1.0.0 <=1.0.3), @2fn/helpers (>=1.0.0 <=1.0.1) +2802 more potentially affected by CVE-2021-32723 via prismjs (>=0.0.1 <=1.23.0)
prismjs NPM version =0.0.1, =1.0.0, =1.0.0, =1.0.23, =1.0.1, =1.2.0, =1.0.0, =1.1.4, =1.16.0, =1.1.2, =0.5.19-20200320212412, =1.0.0-beta.10, =1.0.0-beta.14 - @adebawo-damilare/esm-reports-app =5.2.0 - @admin-bro/design-system =1.4.0 - @afzalh/aug07 =1.1.2 and more Source cves: CVE-2021-32723...
CVE-2021-23341
The package prismjs before 1.23.0 is vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components...
UBUNTU-CVE-2021-23341
The package prismjs before 1.23.0 is vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components...
@21epub/resource-lib (>=1.0.0 <=1.0.3), @2fn/helpers (>=1.0.0 <=1.0.1) +2763 more potentially affected by CVE-2021-23341 via prismjs (>=1.10.0 <=1.22.0)
prismjs NPM version =1.10.0, =1.0.0, =1.0.0, =1.0.23, =1.0.1, =1.2.0, =1.0.0, =1.1.4, =1.16.0, =1.1.2, =0.5.19-20200320212412, =1.0.0-beta.10, =1.0.0-beta.14 - @adebawo-damilare/esm-reports-app =5.2.0 - @admin-bro/design-system =1.4.0 - @afzalh/aug07 =1.1.2 and more Source cves: CVE-2021-23341...
Prismjs Security Vulnerability
Prism is an application from the US-based individual developers of Prism. It is a lightweight, extensible syntax highlighting tool. A security vulnerability exists in Prismjs. The vulnerability stems from the application's susceptibility to a denial-of-service (ReDoS) attack triggered by a regular...