CVE-2024-28245
Published: 25 March 2024
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.
Priority
Status
Package | Release | Status |
---|---|---|
node-katex | bionic | Needs triage |
node-katex | focal | Needs triage |
node-katex | jammy | Needs triage |
node-katex | mantic | Needs triage |
node-katex | upstream | Needs triage |
References
- https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h
- https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770 (v0.16.10)
- https://www.cve.org/CVERecord?id=CVE-2024-28245
- NVD
- Launchpad
- Debian