How severe is CVE-2024-28246?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-28246?

This is classified as CWE-184, which is a common weakness in software security.

CVE-2024-28246 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate `javascript:` links in the output, even if the `trust` function tries to forbid this protocol via `trust: (context) => context.protocol !== 'javascript'`. Upgrade to KaTeX v0.16.10 to remove this vulnerability.

Related Vulnerabilities

CVE-2021-1255

MEDIUM

CVSS:5.4(Medium)

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorizatio...

CWE-1842021

CVE-2022-35962

MEDIUM

CVSS:5.7(Medium)

Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to ...

CWE-1842022

CVE-2024-23336

MEDIUM

CVSS:5.0(Medium)

MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the `127.0.0.0/8` block, which may result in a Server-Side Request Forgery (SSRF) vulnerabil...

CWE-1842024

CVE-2022-38179

MEDIUM

CVSS:6.1(Medium)

JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack

CWE-1842022

CVE-2024-5178

MEDIUM

CVSS:4.9(Medium)

ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user ...

CWE-1842024

CVE-2021-25737

MEDIUM

CVSS:4.8(Medium)

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or l...

CWE-1842021