CVE-2024-47875

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-47875

CGA ID

CGA-c8mw-2r5f-43qx

Severity

Unknown

Description

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.

References

https://images.chainguard.dev/security/CGA-c8mw-2r5f-43qx
https://github.com/advisories/GHSA-gx9m-whjm-85jf
https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf
https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f
https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a
https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098
https://security-tracker.debian.org/tracker/CVE-2024-47875

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2024-47875

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources