Description
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 2.7.9
References
Related Issues
- angular vulnerable to regular expression denial of service via the angular.copy() utility - CVE-2023-26116
- jspdf vulnerable to Regular Expression Denial of Service (ReDoS) - CVE-2021-23353
- angular vulnerable to regular expression denial of service via the $resource service - CVE-2023-26117
- angular vulnerable to regular expression denial of service via the <input type="url"> element - CVE-2023-26118
You might also like:
- Tags:
- npm
- mathjax
Anything's wrong? Let us know Last updated on January 31, 2024


