Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
KaTeX's \includegraphics does not escape filename
Vulnerability Description
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对输出编码和转义不恰当
Vulnerability Title
KaTeX 安全漏洞
Vulnerability Description
KaTeX是一个快速、易于使用的 JavaScript 库,用于在网络上进行 TeX 数学渲染。 KaTeX v0.16.10 版本之前存在安全漏洞,该漏洞源于渲染不受信任的数学表达式的 KaTeX 用户可能会遇到使用运行任意 JavaScript 的 includegraphics 的恶意输入,或生成无效的 HTML。
CVSS Information
N/A
Vulnerability Type
N/A