DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
CVE-2024-47875 - Critical Severity Vulnerability
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin
Library home page: https://registry.npmjs.org/dompurify/-/dompurify-2.1.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/dompurify/package.json
Dependency Hierarchy: - docsify-cli-4.4.1.tgz (Root Library) - docsify-server-renderer-4.11.6.tgz - :x: **dompurify-2.1.1.tgz** (Vulnerable Library)
Found in base branch: main
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
Publish Date: 2024-10-11
URL: CVE-2024-47875
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-47875
Release Date: 2024-10-11
Fix Resolution (dompurify): 2.5.0
Direct dependency fix Resolution (docsify-cli): 4.4.2
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.