exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2024-28243

почти 2 года назад

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability.

CVSS3: 6.5

EPSS: Низкий

CVE-2024-28243

почти 2 года назад

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability.

CVSS3: 6.5

EPSS: Низкий

CVE-2024-28243

почти 2 года назад

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX ...

CVSS3: 6.5

EPSS: Низкий

GHSA-64fm-8hw2-v72w

почти 2 года назад

KaTeX's maxExpand bypassed by `\edef`

CVSS3: 6.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2024-28243 KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability.	CVSS3: 6.5	0% Низкий	почти 2 года назад
CVE-2024-28243 KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability.	CVSS3: 6.5	0% Низкий	почти 2 года назад
CVE-2024-28243 KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX ...	CVSS3: 6.5	0% Низкий	почти 2 года назад
GHSA-64fm-8hw2-v72w KaTeX's maxExpand bypassed by `\edef`	CVSS3: 6.5	0% Низкий	почти 2 года назад

Уязвимостей на страницу