Description
MathJax up to v2.7.9 was discovered to contain two Regular Expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk.
Recommendation
No fix is available yet. The following versions are affected:
- <= 2.7.9
Related Issues
- angular vulnerable to regular expression denial of service via the $resource service - CVE-2023-26117
- jsPDF Bypass Regular Expression Denial of Service (ReDoS) - CVE-2025-29907
- Regular Expression Denial of Service in Headers - CVE-2023-24807
- Marked allows Regular Expression Denial of Service (ReDoS) attacks - CVE-2018-25110
Tags
- npm
- mathjax
Last updated on January 31, 2024