DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2.
CVE-2024-48910 - Critical Severity Vulnerability
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin
Library home page: https://registry.npmjs.org/dompurify/-/dompurify-2.3.6.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/dompurify/package.json
Dependency Hierarchy: - :x: **dompurify-2.3.6.tgz** (Vulnerable Library)
Found in HEAD commit: 47a52f8e977fa1725a202abf8ba2826e5236ca8b
Found in base branch: master
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2.
Publish Date: 2024-10-31
URL: CVE-2024-48910
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr
Release Date: 2024-10-31
Fix Resolution: 2.4.2
Step up your Open Source Security Game with Mend here