Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS12NjM4LXE4NTYtZ3JnOM4AA1jV

MathJax Regular expression Denial of Service (ReDoS)

MathJax up to and including v2.7.9 was reported to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js, via the pattern and markdownPattern components. NOTE: the vendor disputes this report because those regular expressions are not applied to user-controlled input; in the vendor's assessment there is therefore no risk.

Permalink: https://github.com/advisories/GHSA-v638-q856-grg8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NjM4LXE4NTYtZ3JnOM4AA1jV
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 8 months ago
Updated: 3 months ago


CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-v638-q856-grg8, CVE-2023-39663
References: Repository: https://github.com/mathjax/MathJax
Blast Radius: 24.8

Affected Packages

npm:mathjax
Dependent packages: 157
Dependent repositories: 2,044
Downloads: 506,125 last month
Affected Version Ranges: <= 2.7.9
No known fixed version
All affected versions: 2.5.1, 2.6.1, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.7.8, 2.7.9
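Added example (not code from the advisory page, Ecosyste.ms or the MathJax project): a small Node.js script that walks an npm package-lock file, finds every installed copy of the affected package, including nested copies, and compares each version against the advisory's range "<= 2.7.9" using a hand-rolled SemVer comparison so it runs offline. The lockfile contents, the root project name and the "docs-renderer" dependency are constructed for the demonstration and are not real packages; the range-parsing covers the comma-separated comparator form GitHub and OSV advisories use, which is more general than the single "<=" on this page.

```javascript
// Constructed advisory record: values copied from the page, shape is ours.
const ADVISORY = {
  id: 'GHSA-v638-q856-grg8',
  ecosystem: 'npm',
  package: 'mathjax',
  range: '<= 2.7.9',   // "Affected Version Ranges" on the page
  fixedVersion: null,  // "No known fixed version"
};

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into comparable parts.
// The pattern has no nested or ambiguous quantifiers, so it is linear-time.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] ? m[4].split('.') : [] };
}

// Comparator result (<0, 0, >0). A pre-release sorts before the same release
// version without a tag, as SemVer 2.0.0 section 11 requires.
function compareSemver(a, b) {
  const x = parseSemver(a), y = parseSemver(b);
  for (const k of ['major', 'minor', 'patch']) if (x[k] !== y[k]) return x[k] - y[k];
  if (x.pre.length === 0 && y.pre.length === 0) return 0;
  if (x.pre.length === 0) return 1;
  if (y.pre.length === 0) return -1;
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    if (x.pre[i] === undefined) return -1;
    if (y.pre[i] === undefined) return 1;
    const nx = /^\d+$/.test(x.pre[i]), ny = /^\d+$/.test(y.pre[i]);
    if (nx && ny && +x.pre[i] !== +y.pre[i]) return +x.pre[i] - +y.pre[i];
    if (nx !== ny) return nx ? -1 : 1; // numeric identifiers sort before alphanumeric
    if (x.pre[i] !== y.pre[i]) return x.pre[i] < y.pre[i] ? -1 : 1;
  }
  return 0;
}

// Advisory range in the GitHub/OSV comparator style, e.g. ">= 2.0.0, <= 2.7.9".
// Every comma-separated comparator must hold for the version to be affected.
function satisfiesRange(version, range) {
  return range.split(',').every((part) => {
    const m = /^\s*(<=|>=|<|>|=)?\s*(\S+)\s*$/.exec(part);
    if (!m) throw new Error(`bad comparator: ${part}`);
    const c = compareSemver(version, m[2]);
    switch (m[1] || '=') {
      case '<=': return c <= 0;
      case '<':  return c < 0;
      case '>=': return c >= 0;
      case '>':  return c > 0;
      default:   return c === 0;
    }
  });
}

// Walk the package-lock v2/v3 "packages" map, whose keys are install paths such
// as "node_modules/foo/node_modules/mathjax", and report in-range copies.
function findAffected(lockfile, advisory = ADVISORY) {
  const hits = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (!path) continue; // "" is the root project itself
    const name = path.split('node_modules/').pop(); // keeps "@scope/name" intact
    if (name !== advisory.package || !entry.version) continue;
    if (satisfiesRange(entry.version, advisory.range)) {
      hits.push({ path, version: entry.version, advisory: advisory.id });
    }
  }
  return hits;
}

// Constructed lockfile: a direct mathjax 2.7.9 plus a nested 3.2.2 pulled in by
// a hypothetical dependency "docs-renderer". Only the 2.x copy is in range.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/mathjax': { version: '2.7.9' },
    'node_modules/docs-renderer': { version: '0.4.0' },
    'node_modules/docs-renderer/node_modules/mathjax': { version: '3.2.2' },
  },
};

for (const hit of findAffected(SAMPLE_LOCK)) {
  console.log(`${hit.path}@${hit.version} is in range "${ADVISORY.range}" (${hit.advisory})`);
}
```

To run it against a real project, replace SAMPLE_LOCK with JSON.parse of the project's package-lock.json; lockfile v1 files carry a nested "dependencies" tree instead of the flat "packages" map and would need a recursive walk. Because the advisory lists no fixed version, a hit here tells you only that the copy is inside the reported range; whether the disputed regexes ever see attacker-controlled input in your deployment is a separate question this check does not answer.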