GHSA-v638-q856-grg8

Source
https://github.com/advisories/GHSA-v638-q856-grg8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-v638-q856-grg8/GHSA-v638-q856-grg8.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-v638-q856-grg8
Aliases
Published
2023-08-29T21:30:21Z
Modified
2024-01-31T00:26:42.192940Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
MathJax Regular expression Denial of Service (ReDoS)
Details

MathJax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk.

Database specific
{
    "github_reviewed_at": "2024-01-31T00:02:46Z",
    "cwe_ids": [
        "CWE-1333"
    ],
    "nvd_published_at": "2023-08-29T20:15:09Z",
    "severity": "HIGH",
    "github_reviewed": true
}
References

Affected packages

npm / mathjax

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
2.7.9