Metrics
Affected Vendors & Products
Thu, 19 Dec 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat acm
|
|
CPEs | cpe:/a:redhat:acm:2.11::el9 | |
Vendors & Products |
Redhat acm
|
Wed, 04 Dec 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat ansible Automation Platform
|
|
CPEs | cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 |
|
Vendors & Products |
Redhat ansible Automation Platform
|
Tue, 22 Oct 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat network Observ Optr
|
|
CPEs | cpe:/a:redhat:network_observ_optr:1.7.0::el9 | |
Vendors & Products |
Redhat network Observ Optr
|
Tue, 08 Oct 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat cryostat
|
|
CPEs | cpe:/a:redhat:cryostat:3::el8 | |
Vendors & Products |
Redhat cryostat
|
Thu, 03 Oct 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat logging |
|
CPEs | cpe:/a:redhat:logging:5.9::el9 | |
Vendors & Products |
Redhat
Redhat logging |
Tue, 17 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 17 Sep 2024 01:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Mon, 16 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |
Title | Tampering by prototype polution in DOMPurify | |
Weaknesses | CWE-1333 | |
References |
| |
Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-09-16T18:25:28.065Z
Updated: 2024-09-16T20:04:47.181Z
Reserved: 2024-09-09T14:23:07.503Z
Link: CVE-2024-45801
Updated: 2024-09-16T20:04:40.596Z
Status : Awaiting Analysis
Published: 2024-09-16T19:16:11.080
Modified: 2024-09-20T12:31:20.110
Link: CVE-2024-45801