Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk.
{ "github_reviewed_at": "2024-01-31T00:02:46Z", "cwe_ids": [ "CWE-1333" ], "nvd_published_at": "2023-08-29T20:15:09Z", "severity": "HIGH", "github_reviewed": true }