Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
5 vulnerabilities by KaTeX
CVE-2025-23207 (GCVE-0-2025-23207)
Vulnerability from cvelistv5 – Published: 2025-01-17 21:25 – Updated: 2025-01-17 21:32
VLAI
Title
\htmlData does not validate attribute names in KaTeX
Summary
KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\htmlData` that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade to KaTeX v0.16.21 to remove this vulnerability. Users unable to upgrade should avoid use of or turn off the `trust` option, or set it to forbid `\htmlData` commands, forbid inputs containing the substring `"\\htmlData"` and sanitize HTML output from KaTeX.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/KaTeX/KaTeX/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/KaTeX/KaTeX/commit/ff289955e81… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23207",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T21:32:10.973799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T21:32:24.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "KaTeX",
"vendor": "KaTeX",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.12.0, \u003c 0.16.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\\htmlData` that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade to KaTeX v0.16.21 to remove this vulnerability. Users unable to upgrade should avoid use of or turn off the `trust` option, or set it to forbid `\\htmlData` commands, forbid inputs containing the substring `\"\\\\htmlData\"` and sanitize HTML output from KaTeX."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T21:25:05.746Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546"
},
{
"name": "https://github.com/KaTeX/KaTeX/commit/ff289955e81aab89086eef09254cbf88573d415c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KaTeX/KaTeX/commit/ff289955e81aab89086eef09254cbf88573d415c"
}
],
"source": {
"advisory": "GHSA-cg87-wmx4-v546",
"discovery": "UNKNOWN"
},
"title": "\\htmlData does not validate attribute names in KaTeX"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-23207",
"datePublished": "2025-01-17T21:25:05.746Z",
"dateReserved": "2025-01-13T17:15:41.050Z",
"dateUpdated": "2025-01-17T21:32:24.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28246 (GCVE-0-2024-28246)
Vulnerability from cvelistv5 – Published: 2024-03-25 20:00 – Updated: 2024-08-02 00:48
VLAI
Title
KaTeX is missing normalization of the protocol in URLs allows bypassing forbidden protocols
Summary
KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate `javascript:` links in the output, even if the `trust` function tries to forbid this protocol via `trust: (context) => context.protocol !== 'javascript'`. Upgrade to KaTeX v0.16.10 to remove this vulnerability.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/KaTeX/KaTeX/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/KaTeX/KaTeX/commit/fc5af64183a… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28246",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T00:04:56.873982Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T00:05:12.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-3wc5-fcw2-2329",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-3wc5-fcw2-2329"
},
{
"name": "https://github.com/KaTeX/KaTeX/commit/fc5af64183a3ceb9be9d1c23a275999a728593de",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/KaTeX/KaTeX/commit/fc5af64183a3ceb9be9d1c23a275999a728593de"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "KaTeX",
"vendor": "KaTeX",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.11.0, \u003c 0.16.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX\u0027s `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate `javascript:` links in the output, even if the `trust` function tries to forbid this protocol via `trust: (context) =\u003e context.protocol !== \u0027javascript\u0027`. Upgrade to KaTeX v0.16.10 to remove this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697: Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-25T20:00:17.211Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-3wc5-fcw2-2329",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-3wc5-fcw2-2329"
},
{
"name": "https://github.com/KaTeX/KaTeX/commit/fc5af64183a3ceb9be9d1c23a275999a728593de",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KaTeX/KaTeX/commit/fc5af64183a3ceb9be9d1c23a275999a728593de"
}
],
"source": {
"advisory": "GHSA-3wc5-fcw2-2329",
"discovery": "UNKNOWN"
},
"title": "KaTeX is missing normalization of the protocol in URLs allows bypassing forbidden protocols"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-28246",
"datePublished": "2024-03-25T20:00:17.211Z",
"dateReserved": "2024-03-07T14:33:30.036Z",
"dateUpdated": "2024-08-02T00:48:49.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28245 (GCVE-0-2024-28245)
Vulnerability from cvelistv5 – Published: 2024-03-25 19:53 – Updated: 2024-08-02 00:48
VLAI
Title
KaTeX's \includegraphics does not escape filename
Summary
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/KaTeX/KaTeX/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/KaTeX/KaTeX/commit/c5897fcd1f7… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:katex:katex:0.11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "katex",
"vendor": "katex",
"versions": [
{
"lessThan": "0.16.10",
"status": "affected",
"version": "0.11.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-26T19:26:52.258854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T15:39:52.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h"
},
{
"name": "https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "KaTeX",
"vendor": "KaTeX",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.11.0, \u003c 0.6.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-25T19:53:01.320Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h"
},
{
"name": "https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770"
}
],
"source": {
"advisory": "GHSA-f98w-7cxr-ff2h",
"discovery": "UNKNOWN"
},
"title": "KaTeX\u0027s \\includegraphics does not escape filename"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-28245",
"datePublished": "2024-03-25T19:53:01.320Z",
"dateReserved": "2024-03-07T14:33:30.036Z",
"dateUpdated": "2024-08-02T00:48:49.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28244 (GCVE-0-2024-28244)
Vulnerability from cvelistv5 – Published: 2024-03-25 19:45 – Updated: 2024-08-02 00:48
VLAI
Title
KaTeX's maxExpand bypassed by Unicode sub/superscripts
Summary
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX supports an option named maxExpand which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, support for "Unicode (sub|super)script characters" allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. This has been corrected in KaTeX v0.16.10.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/KaTeX/KaTeX/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/KaTeX/KaTeX/commit/085e21b5da0… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-27T19:31:17.212689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:04:04.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cvr6-37gx-v8wc",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cvr6-37gx-v8wc"
},
{
"name": "https://github.com/KaTeX/KaTeX/commit/085e21b5da05414efefa932570e7201a7c70e5b2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/KaTeX/KaTeX/commit/085e21b5da05414efefa932570e7201a7c70e5b2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "KaTeX",
"vendor": "KaTeX",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.15.4, \u003c 0.16.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\\def` or `\\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX supports an option named maxExpand which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, support for \"Unicode (sub|super)script characters\" allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. This has been corrected in KaTeX v0.16.10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-25T19:45:50.907Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cvr6-37gx-v8wc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cvr6-37gx-v8wc"
},
{
"name": "https://github.com/KaTeX/KaTeX/commit/085e21b5da05414efefa932570e7201a7c70e5b2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KaTeX/KaTeX/commit/085e21b5da05414efefa932570e7201a7c70e5b2"
}
],
"source": {
"advisory": "GHSA-cvr6-37gx-v8wc",
"discovery": "UNKNOWN"
},
"title": "KaTeX\u0027s maxExpand bypassed by Unicode sub/superscripts"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-28244",
"datePublished": "2024-03-25T19:45:50.907Z",
"dateReserved": "2024-03-07T14:33:30.036Z",
"dateUpdated": "2024-08-02T00:48:49.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28243 (GCVE-0-2024-28243)
Vulnerability from cvelistv5 – Published: 2024-03-25 19:40 – Updated: 2026-02-05 15:26
VLAI
Title
KaTeX's maxExpand bypassed by \edef
Summary
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/KaTeX/KaTeX/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/github/advisory-database/pull/6777 | x_refsource_MISC |
| https://github.com/KaTeX/KaTeX/commit/e88b4c357f9… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T19:45:30.747278Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:03:43.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w"
},
{
"name": "https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "KaTeX",
"vendor": "KaTeX",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.12.0, \u003c 0.16.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user\u0027s KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T15:26:36.281Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w"
},
{
"name": "https://github.com/github/advisory-database/pull/6777",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/github/advisory-database/pull/6777"
},
{
"name": "https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34"
}
],
"source": {
"advisory": "GHSA-64fm-8hw2-v72w",
"discovery": "UNKNOWN"
},
"title": "KaTeX\u0027s maxExpand bypassed by \\edef"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-28243",
"datePublished": "2024-03-25T19:40:00.843Z",
"dateReserved": "2024-03-07T14:33:30.036Z",
"dateUpdated": "2026-02-05T15:26:36.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}