CVE-2025-23207
- EPSS 0.03%
- Published 17.01.2025 22:15:29
- Last modified 08.09.2025 21:17:11
KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\htmlData` that runs arbitrary JavaScript, or ge...
CVE-2024-28244
- EPSS 0.18%
- Published 25.03.2024 20:15:08
- Last modified 02.09.2025 13:34:14
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to ...
CVE-2024-28245
- EPSS 0.05%
- Published 25.03.2024 20:15:08
- Last modified 02.09.2025 13:28:43
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to K...
CVE-2024-28246
- EPSS 0.06%
- Published 25.03.2024 20:15:08
- Last modified 02.09.2025 16:36:38
KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters ...
CVE-2024-28243
- EPSS 0.36%
- Published 25.03.2024 20:15:07
- Last modified 05.02.2026 16:15:49
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops...