CVE-2024-47875

Опубликовано: 11 окт. 2024

Источник: redhat

CVSS3: 8

EPSS Низкий

Описание

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Migration Toolkit for Virtualization	migration-toolkit-virtualization/mtv-console-plugin-rhel9	Affected
Multicluster Engine for Kubernetes	multicluster-engine/console-mce-rhel9	Not affected
Multicluster Engine for Kubernetes	multicluster-engine/multicluster-engine-console-mce-rhel9	Not affected
Network Observability Operator	network-observability/network-observability-console-plugin-rhel9	Not affected
Node HealthCheck Operator	workload-availability/node-remediation-console-rhel8	Will not fix
OpenShift Pipelines	openshift-pipelines/pipelines-console-plugin-rhel8	Affected
Red Hat 3scale API Management Platform 2	3scale-amp-system-container	Affected
Red Hat Advanced Cluster Management for Kubernetes 2	rhacm2/console-rhel8	Not affected
Red Hat Advanced Cluster Security 4	advanced-cluster-security/rhacs-central-db-rhel8	Not affected
Red Hat Advanced Cluster Security 4	advanced-cluster-security/rhacs-main-rhel8	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=2318052dompurify: nesting-based mutation XSS vulnerability

EPSS

Процентиль: 55%

0.00324

Низкий

8 High

CVSS3

Связанные уязвимости

CVE-2024-47875

CVSS3: 10

ubuntu

8 месяцев назад

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.

CVE-2024-47875

CVSS3: 10

nvd

8 месяцев назад

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.

CVE-2024-47875

CVSS3: 10

debian

8 месяцев назад

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for H ...

GHSA-gx9m-whjm-85jf

CVSS3: 10

github

8 месяцев назад

DOMpurify has a nesting-based mXSS

BDU:2024-08024

CVSS3: 10

fstec

8 месяцев назад

Уязвимость JavaScript-библиотеки для безопасной очистки и защиты HTML-кода DOMPurify, связанная с недостатками проверки входных данных, содержащих признаки XSS-атаки, позволяющая нарушителю осуществить межсайтовую сценарную атаку

EPSS

Процентиль: 55%

0.00324

Низкий

8 High

CVSS3