7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.0005 Low
EPSS
Percentile
17.1%
mathjax is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists due to inefficient regular expression complexity in the components and markdown patterns, which allows an attacker to slow down the application if they can control the input to the MathJax.Message.Set()
or MathJax.Localization._()
functions.
CPE | Name | Operator | Version |
---|---|---|---|
mathjax | le | 4.0.0-beta.3 | |
mathjax | le | 4.0.0-beta.3 | |
mathjax | le | 4.0.0-beta.3 | |
mathjax | le | 4.0.0-beta.3 |