All 5 CVE vulnerabilities found in KaTeX, with AI-generated Chinese analysis, references, and POCs.
Vendor: KaTeX
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-23207 | \htmlData does not validate attribute names in KaTeX | CWE-116 | 6.3 | Medium | 2025-01-17 |
| CVE-2024-28246 | KaTeX is missing normalization of the protocol in URLs allows bypassing forbidden protocols | CWE-184 | 5.5 | Medium | 2024-03-25 |
| CVE-2024-28245 | KaTeX's \includegraphics does not escape filename | CWE-116 | 6.3 | Medium | 2024-03-25 |
| CVE-2024-28244 | KaTeX's maxExpand bypassed by Unicode sub/superscripts | CWE-674 | 6.5 | Medium | 2024-03-25 |
| CVE-2024-28243 | KaTeX's maxExpand bypassed by \edef | CWE-674 | 6.5 | Medium | 2024-03-25 |