Description
MathJax up to v2.7.9 was discovered to contain two Regular Expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk.
Recommendation
No fix is available yet. The following versions are affected:
- <= 2.7.9
Related Issues
- Regular Expression Denial of Service (ReDoS) in lodash (GHSA-29mw-wpgm-hmr9) - CVE-2020-28500
- Regular Expression Denial of Service (ReDoS) (GHSA-vx3p-948g-6vhq) - CVE-2021-27290
- Regular Expression Denial of Service (ReDoS) in Prism - CVE-2021-32723
- html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS) - CVE-2021-23346
Tags
- npm
- mathjax
Last updated on January 31, 2024