Описание
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \def or \newcommand that causes a near-infinite loop, despite setting maxExpand to avoid such loops. KaTeX supports an option named maxExpand which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, support for "Unicode (sub|super)script characters" allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. This has been corrected in KaTeX v0.16.10.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 0.16.10+~cs6.1.0-2 |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/focal | not-affected | code not present |
| esm-apps/jammy | not-affected | code not present |
| esm-apps/noble | not-affected | 0.16.10+~cs6.1.0-2 |
| focal | ignored | end of standard support, was needs-triage |
| jammy | not-affected | code not present |
| mantic | ignored | end of life, was needs-triage |
| noble | not-affected | 0.16.10+~cs6.1.0-2 |
| oracular | not-affected | 0.16.10+~cs6.1.0-2 |
Показывать по
Ссылки на источники
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX supports an option named maxExpand which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, support for "Unicode (sub|super)script characters" allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. This has been corrected in KaTeX v0.16.10.
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX ...
KaTeX's maxExpand bypassed by Unicode sub/superscripts
EPSS
6.5 Medium
CVSS3