npm package
katex
pkg:npm/katex
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-23207 | — | | | >= 0.12.0, < 0.16.21 | 0.16.21 | Jan 17, 2025 | KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\htmlData` that runs arbitrary JavaScript, or generate invalid HTML. Users are |
| CVE-2024-28246 | — | | | >= 0.11.0, < 0.16.10 | 0.16.10 | Mar 25, 2024 | KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular |
| CVE-2024-28245 | — | | | >= 0.11.0, < 0.16.10 | 0.16.10 | Mar 25, 2024 | KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this v |
| CVE-2024-28244 | — | | | >= 0.15.4, < 0.16.10 | 0.16.10 | Mar 25, 2024 | KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX suppor |
| CVE-2024-28243 | — | | | >= 0.12.0, < 0.16.10 | 0.16.10 | Mar 25, 2024 | KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an avail |