KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 02 Sep 2025 13:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:katex:katex:*:*:*:*:*:*:*:*

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00051}

epss

{'score': 0.00043}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-02T00:48:49.569Z

Reserved: 2024-03-07T14:33:30.036Z

Link: CVE-2024-28245

cve-icon Vulnrichment

Updated: 2024-08-01T15:39:47.585Z

cve-icon NVD

Status : Analyzed

Published: 2024-03-25T20:15:08.370

Modified: 2025-09-02T13:28:43.090

Link: CVE-2024-28245

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.