63 matches found
Arbitrary Code Injection
Overview org.webjars:prismjs is a lightweight, robust, elegant syntax highlighting library. Affected versions of this package are vulnerable to Arbitrary Code Injection via the document.currentScript lookup process. An attacker can manipulate the web page content and execute unintended actions by...
CVE-2024-53382
Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
CVE-2024-53382
Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
CVE-2024-53382
PrismJS (Prism) 1.29.0 and earlier is vulnerable to DOM clobbering that can lead to XSS when untrusted HTML containing markup is processed, because document.currentScript can be shadowed by attacker-injected HTML elements. IBM security notes tie CVE-2024-53382 to PrismJS and document the affected...
CVE-2024-53382
Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
CVE-2024-53382
Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
Malicious code in prismjs-editor-v1 (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-11423 Malicious code in prismjs-editor-v1 (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in prismjs-editor-v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 040f9d206fa46c86f67191c2a1777918670867a6e0888635b2f08567360ba10f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9244 Malicious code in prismjs-editor-v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 040f9d206fa46c86f67191c2a1777918670867a6e0888635b2f08567360ba10f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
prismjs: improperly escaped output allows a XSS
A Cross-site scripting attack was found in Prism. The command-line plugin did not properly escape its output. This issue leads to the input text being inserted into the Document Object Model DOM as HTML code, which can be exploited by an attacker...
Important: Red Hat Security Advisory: Service Registry (container images) release and security update [2.3.0.GA]
An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact o...
@21epub/resource-lib (>=1.0.0 <=1.0.3), @2fn/helpers (>=1.0.0 <=1.0.1) +2954 more potentially affected by CVE-2021-3801 via prismjs (>=0.0.1 <=1.24.1)
prismjs NPM version =0.0.1, =1.0.0, =1.0.0, =1.0.23, =1.0.1, =1.2.0, =1.0.0, =1.1.4, =1.16.0, =1.1.2, =0.5.19-20200320212412, =1.0.0-beta.10, =1.0.0-beta.14 - @adebawo-damilare/esm-reports-app =5.2.0 - @admin-bro/design-system =1.4.0 - @afzalh/aug07 =1.1.2 and more Source cves: CVE-2021-3801 Sour...
prismjs Regular Expression Denial of Service vulnerability
Prism is a syntax highlighting library. The prismjs package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide a crafted HTML comment as input may cause an application to consume an excessive amount of CPU...
CVE-2021-3801
Insufficient Regular Expression Complexity in prismjs leads to a Regular Expression Denial of Service ReDoS attack. An unauthenticated attacker can exploit this flaw to cause an application to consume an excess amount of CPU by providing a crafted HTML comment as input. This can result in a denia...
Inefficient Regular Expression Complexity in prismjs/prism
✍️ Description The prismjs package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide a crafted HTML comment as input may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex. 🕵️♂️ Proof of Concept...
CVE-2021-32723
A flaw was found in npm-prismjs. An attacker can craft a string that will take a very long time to highlight when used to work with un-trusted text resulting in ReDoS. This can affect the system availability. There is no known risk of privilege escalation on data compromise. Mitigation As a...
Regular Expression Denial of Service
Overview In prismjs before 1.24.0 some languages are vulnerable to Regular Expression Denial of Service ReDoS. Impact When Prism is used to highlight untrusted user-given text, an attacker can craft a string that will take a very very long time to highlight. Do not use the following languages to...
@21epub/resource-lib (>=1.0.0 <=1.0.3), @2fn/helpers (>=1.0.0 <=1.0.1) +2795 more potentially affected by CVE-2021-32723 via prismjs (>=0.0.1 <=1.23.0)
prismjs NPM version =0.0.1, =1.0.0, =1.0.0, =1.0.23, =1.0.1, =1.2.0, =1.0.0, =1.1.4, =1.16.0, =1.1.2, =0.5.19-20200320212412, =1.0.0-beta.10, =1.0.0-beta.14 - @adebawo-damilare/esm-reports-app =5.2.0 - @admin-bro/design-system =1.4.0 - @afzalh/aug07 =1.1.2 and more Source cves: CVE-2021-32723...
Regular Expression Denial of Service
Overview prismjs versions before 1.23.0 are vulnerable to Regular Expression Denial of Service ReDoS via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components. Recommendation Upgrade to version 1.23.0 or later References - Snyk Advisory - GitHub Advisory - CVE...