Описание
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk.
Ссылки
- ExploitIssue TrackingVendor Advisory
- ExploitIssue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.7.9 (включая)
cpe:2.3:a:mathjax:mathjax:*:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00188
Низкий
7.5 High
CVSS3
Дефекты
CWE-1333
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 2 лет назад
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk.
CVSS3: 7.5
debian
больше 2 лет назад
Mathjax up to v2.7.9 was discovered to contain two Regular expression ...
CVSS3: 7.5
github
больше 2 лет назад
MathJax Regular expression Denial of Service (ReDoS)
EPSS
Процентиль: 41%
0.00188
Низкий
7.5 High
CVSS3
Дефекты
CWE-1333