DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2.
Metrics
Affected Vendors & Products
References
History
Mon, 02 Dec 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:advanced_cluster_security:4.5::el8 |
Fri, 22 Nov 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat openshift
|
|
CPEs | cpe:/a:redhat:openshift:4.14::el8 | |
Vendors & Products |
Redhat openshift
|
Thu, 14 Nov 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat advanced Cluster Security |
|
CPEs | cpe:/a:redhat:advanced_cluster_security:4.4::el8 | |
Vendors & Products |
Redhat
Redhat advanced Cluster Security |
Fri, 01 Nov 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 31 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Cure53
Cure53 dompurify |
|
CPEs | cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:* | |
Vendors & Products |
Cure53
Cure53 dompurify |
|
Metrics |
ssvc
|
Thu, 31 Oct 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2. | |
Title | DOMPurify vulnerable to tampering by prototype polution | |
Weaknesses | CWE-1321 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-10-31T14:22:52.867Z
Updated: 2024-10-31T15:55:39.716Z
Reserved: 2024-10-09T22:06:46.171Z
Link: CVE-2024-48910
Vulnrichment
Updated: 2024-10-31T15:54:01.854Z
NVD
Status : Awaiting Analysis
Published: 2024-10-31T15:15:15.720
Modified: 2024-11-01T12:57:03.417
Link: CVE-2024-48910
Redhat