CVE-2024-28245

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-28245

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-28245.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-28245

Aliases

GHSA-f98w-7cxr-ff2h

Downstream

DEBIAN-CVE-2024-28245

UBUNTU-CVE-2024-28245

USN-7572-1

Related

GHSA-f98w-7cxr-ff2h

Published

2024-03-25T20:15:08Z

Modified

2025-09-19T14:59:15.783007Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \includegraphics that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.

References

Affected packages

Git / github.com/katex/katex

Affected ranges

Type: GIT
Repo: https://github.com/katex/katex
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c5897fcd1f73da9612a53e6b5544f1d776e17770

Affected versions

v0.*

v0.1.0

v0.1.1

v0.13.0

v0.13.1

v0.13.10

v0.13.11

v0.13.12

v0.13.13

v0.13.14

v0.13.15

v0.13.16

v0.13.17

v0.13.18

v0.13.19

v0.13.2

v0.13.20

v0.13.21

v0.13.22

v0.13.23

v0.13.24

v0.13.3

v0.13.4

v0.13.5

v0.13.6

v0.13.7

v0.13.8

v0.13.9

v0.14.0

v0.14.1

v0.15.0

v0.15.1

v0.15.2

v0.15.3

v0.15.4

v0.15.5

v0.15.6

v0.16.0

v0.16.1

v0.16.2

v0.16.3

v0.16.4

v0.16.5

v0.16.6

v0.16.7

v0.16.8

v0.16.9

v0.2.0

v0.3.0