Home > Vulnerability Database > CVE-2024-28245

Mend.io Vulnerability Database

CVE-2024-28245

Good to know:

Date: March 25, 2024

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using "\includegraphics" that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.

Language: JS

Severity Score

6.3

Related Resources (6)

Url: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-28245

Url: https://security-tracker.debian.org/tracker/CVE-2024-28245

Url: https://github.com/KaTeX/KaTeX

Url: https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770

Url: https://www.mend.io/vulnerability-database/CVE-2024-28245

Severity Score

6.3

Weakness Type (CWE)

Improper Encoding or Escaping of Output

CWE-116

Top Fix

Upgrade Version

Upgrade to version katex - 0.16.10

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-28245

Good to know:

Date: March 25, 2024

Language: JS

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?