CVE-2024-47875 - Vulnerability Details

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Logging Openshift Openshift Devspaces Service Mesh

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
grafana-0:9.2.10-20.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:8327	2024-10-22T00:00:00Z
Red Hat Enterprise Linux 9
grafana-0:9.2.10-19.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:8678	2024-10-30T00:00:00Z
grafana-0:10.2.6-7.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9473	2024-11-12T00:00:00Z
Red Hat OpenShift Container Platform 4.14
openshift4/ose-monitoring-plugin-rhel8:v4.14.0-202411130434.p0.gb57ebe7.assembly.stream.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:9620	2024-11-20T00:00:00Z
Red Hat OpenShift Container Platform 4.15
openshift4/ose-monitoring-plugin-rhel8:v4.15.0-202411060036.p0.ge40b085.assembly.stream.el8	cpe:/a:redhat:openshift:4.15::el8	RHSA-2024:8991	2024-11-13T00:00:00Z
Red Hat OpenShift Container Platform 4.16
openshift4/ose-monitoring-plugin-rhel9:v4.16.0-202410300036.p0.g442ccd1.assembly.stream.el9	cpe:/a:redhat:openshift:4.16::el9	RHSA-2024:8683	2024-11-06T00:00:00Z
Red Hat OpenShift Container Platform 4.17
openshift4/ose-monitoring-plugin-rhel9:v4.17.0-202410300235.p0.g9c9c0a0.assembly.stream.el9	cpe:/a:redhat:openshift:4.17::el9	RHSA-2024:8981	2024-11-13T00:00:00Z
Red Hat OpenShift Dev Spaces 3 Containers
devspaces/code-rhel8:3.17-19	cpe:/a:redhat:openshift_devspaces:3::el8	RHSA-2024:10236	2024-11-25T00:00:00Z
Red Hat OpenShift Service Mesh 2.5 for RHEL 8
openshift-service-mesh/grafana-rhel8:2.5.6-2	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:9629	2024-11-14T00:00:00Z
openshift-service-mesh/istio-cni-rhel8:2.5.6-3	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:9629	2024-11-14T00:00:00Z
openshift-service-mesh/istio-must-gather-rhel8:2.5.6-2	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:9629	2024-11-14T00:00:00Z
openshift-service-mesh/kiali-ossmc-rhel8:1.73.15-2	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:9629	2024-11-14T00:00:00Z
openshift-service-mesh/kiali-rhel8:1.73.16-2	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:9629	2024-11-14T00:00:00Z
openshift-service-mesh/pilot-rhel8:2.5.6-3	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:9629	2024-11-14T00:00:00Z
openshift-service-mesh/proxyv2-rhel8:2.5.6-4	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:9629	2024-11-14T00:00:00Z
openshift-service-mesh/ratelimit-rhel8:2.5.6-2	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:9629	2024-11-14T00:00:00Z
RHOL-5.6-RHEL-8
openshift-logging/cluster-logging-operator-bundle:v5.6.27-12	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
openshift-logging/cluster-logging-rhel8-operator:v5.6.27-5	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
openshift-logging/elasticsearch6-rhel8:v6.8.1-451	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
openshift-logging/elasticsearch-operator-bundle:v5.6.27-19	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-534	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
openshift-logging/elasticsearch-rhel8-operator:v5.6.27-9	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
openshift-logging/eventrouter-rhel8:v0.4.0-333	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
openshift-logging/fluentd-rhel8:v1.14.6-232	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
openshift-logging/kibana6-rhel8:v6.8.1-472	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-314	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
openshift-logging/logging-curator5-rhel8:v5.8.1-544	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
openshift-logging/logging-loki-rhel8:v3.2.0-23	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
openshift-logging/logging-view-plugin-rhel8:v5.6.27-4	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
openshift-logging/loki-operator-bundle:v5.6.27-17	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
openshift-logging/loki-rhel8-operator:v5.6.27-6	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
openshift-logging/lokistack-gateway-rhel8:v0.1.0-717	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
openshift-logging/opa-openshift-rhel8:v0.1.0-334	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
openshift-logging/vector-rhel8:v0.21.0-143	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:10988	2025-01-15T00:00:00Z
RHOL-5.8-RHEL-9
openshift-logging/cluster-logging-operator-bundle:v5.8.16-9	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:0329	2025-01-15T00:00:00Z
openshift-logging/cluster-logging-rhel9-operator:v5.8.16-4	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:0329	2025-01-15T00:00:00Z
openshift-logging/elasticsearch6-rhel9:v6.8.1-445	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:0329	2025-01-15T00:00:00Z
openshift-logging/elasticsearch-operator-bundle:v5.8.16-14	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:0329	2025-01-15T00:00:00Z
openshift-logging/elasticsearch-proxy-rhel9:v1.0.0-528	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:0329	2025-01-15T00:00:00Z
openshift-logging/elasticsearch-rhel9-operator:v5.8.16-4	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:0329	2025-01-15T00:00:00Z
openshift-logging/eventrouter-rhel9:v0.4.0-328	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:0329	2025-01-15T00:00:00Z
openshift-logging/fluentd-rhel9:v5.8.16-2	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:0329	2025-01-15T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-309	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:0329	2025-01-15T00:00:00Z
openshift-logging/logging-curator5-rhel9:v5.8.1-536	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:0329	2025-01-15T00:00:00Z
openshift-logging/logging-loki-rhel9:v3.2.1-22	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:0329	2025-01-15T00:00:00Z
openshift-logging/logging-view-plugin-rhel9:v5.8.16-3	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:0329	2025-01-15T00:00:00Z
openshift-logging/loki-operator-bundle:v5.8.16-13	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:0329	2025-01-15T00:00:00Z
openshift-logging/loki-rhel9-operator:v5.8.16-4	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:0329	2025-01-15T00:00:00Z
openshift-logging/lokistack-gateway-rhel9:v0.1.0-709	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:0329	2025-01-15T00:00:00Z
openshift-logging/opa-openshift-rhel9:v0.1.0-326	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:0329	2025-01-15T00:00:00Z
openshift-logging/vector-rhel9:v0.28.1-83	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:0329	2025-01-15T00:00:00Z

References

Link	Providers
https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098
https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f
https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a
https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf
https://nvd.nist.gov/vuln/detail/CVE-2024-47875
https://www.cve.org/CVERecord?id=CVE-2024-47875

History

Thu, 13 Feb 2025 00:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat logging
CPEs		cpe:/a:redhat:logging:5.6::el8 cpe:/a:redhat:logging:5.8::el9
Vendors & Products		Redhat logging

Wed, 27 Nov 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Devspaces
CPEs		cpe:/a:redhat:openshift_devspaces:3::el8
Vendors & Products		Redhat openshift Devspaces

Fri, 22 Nov 2024 15:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.14::el8

Sat, 16 Nov 2024 02:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat service Mesh
CPEs		cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:service_mesh:2.5::el8
Vendors & Products		Redhat service Mesh

Wed, 13 Nov 2024 15:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.17::el9

Wed, 06 Nov 2024 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift
CPEs		cpe:/a:redhat:openshift:4.16::el9
Vendors & Products		Redhat openshift

Thu, 31 Oct 2024 02:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9

Wed, 23 Oct 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8
Vendors & Products		Redhat Redhat enterprise Linux

Sat, 12 Oct 2024 01:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2024-47875 https://www.cve.org/CVERecord?id=CVE-2024-47875
Metrics	threat_severity `None`	threat_severity `Important`

Fri, 11 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 11 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Description		DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
Title		DOMPurify nesting-based mXSS
Weaknesses		CWE-79
References		https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098 https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf
Metrics		cvssV3_1 `{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-10-11T14:59:27.641Z

Updated: 2024-10-11T19:27:57.706Z

Reserved: 2024-10-04T16:00:09.630Z

Link: CVE-2024-47875

Vulnrichment

Updated: 2024-10-11T19:27:51.954Z

NVD

Status : Awaiting Analysis

Published: 2024-10-11T15:15:05.860

Modified: 2024-10-15T12:58:51.050

Link: CVE-2024-47875

Redhat

Severity : Important

Publid Date: 2024-10-11T15:15:05Z

Links: CVE-2024-47875 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47875", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-10-04T16:00:09.630Z", "datePublished": "2024-10-11T14:59:27.641Z", "dateUpdated": "2024-10-11T19:27:57.706Z"}, "containers": {"cna": {"title": "DOMPurify nesting-based mXSS", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf"}, {"name": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f", "tags": ["x_refsource_MISC"], "url": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f"}, {"name": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a", "tags": ["x_refsource_MISC"], "url": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a"}, {"name": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098", "tags": ["x_refsource_MISC"], "url": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"}], "affected": [{"vendor": "cure53", "product": "DOMPurify", "versions": [{"version": "< 2.5.0", "status": "affected"}, {"version": "< 3.1.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-10-11T14:59:27.641Z"}, "descriptions": [{"lang": "en", "value": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3."}], "source": {"advisory": "GHSA-gx9m-whjm-85jf", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-11T19:27:35.590076Z", "id": "CVE-2024-47875", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T19:27:57.706Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47875", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-10-04T16:00:09.630Z", "datePublished": "2024-10-11T14:59:27.641Z", "dateUpdated": "2024-10-11T19:27:57.706Z"}, "containers": {"cna": {"title": "DOMPurify nesting-based mXSS", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf"}, {"name": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f", "tags": ["x_refsource_MISC"], "url": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f"}, {"name": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a", "tags": ["x_refsource_MISC"], "url": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a"}, {"name": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098", "tags": ["x_refsource_MISC"], "url": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"}], "affected": [{"vendor": "cure53", "product": "DOMPurify", "versions": [{"version": "< 2.5.0", "status": "affected"}, {"version": "< 3.1.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-10-11T14:59:27.641Z"}, "descriptions": [{"lang": "en", "value": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3."}], "source": {"advisory": "GHSA-gx9m-whjm-85jf", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47875", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-11T19:27:35.590076Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T19:27:51.954Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3."}, {"lang": "es", "value": "DOMPurify es un desinfectante de XSS ultrarr\u00e1pido, ultratolerante y exclusivo de DOM para HTML, MathML y SVG. DOMpurify era vulnerable a mXSS basado en anidamiento. Esta vulnerabilidad se solucion\u00f3 en 2.5.0 y 3.1.3."}], "id": "CVE-2024-47875", "lastModified": "2024-10-15T12:58:51.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-10-11T15:15:05.860", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"}, {"source": "security-advisories@github.com", "url": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f"}, {"source": "security-advisories@github.com", "url": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a"}, {"source": "security-advisories@github.com", "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:8327", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "grafana-0:9.2.10-20.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-10-22T00:00:00Z"}, {"advisory": "RHSA-2024:8678", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "grafana-0:9.2.10-19.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:9473", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "grafana-0:10.2.6-7.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9620", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-monitoring-plugin-rhel8:v4.14.0-202411130434.p0.gb57ebe7.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-11-20T00:00:00Z"}, {"advisory": "RHSA-2024:8991", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-monitoring-plugin-rhel8:v4.15.0-202411060036.p0.ge40b085.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:8683", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-monitoring-plugin-rhel9:v4.16.0-202410300036.p0.g442ccd1.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8981", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "openshift4/ose-monitoring-plugin-rhel9:v4.17.0-202410300235.p0.g9c9c0a0.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:10236", "cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "package": "devspaces/code-rhel8:3.17-19", "product_name": "Red Hat OpenShift Dev Spaces 3 Containers", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:9629", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/grafana-rhel8:2.5.6-2", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9629", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/istio-cni-rhel8:2.5.6-3", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9629", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/istio-must-gather-rhel8:2.5.6-2", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9629", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/kiali-ossmc-rhel8:1.73.15-2", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9629", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/kiali-rhel8:1.73.16-2", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9629", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/pilot-rhel8:2.5.6-3", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9629", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/proxyv2-rhel8:2.5.6-4", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9629", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/ratelimit-rhel8:2.5.6-2", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/cluster-logging-operator-bundle:v5.6.27-12", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/cluster-logging-rhel8-operator:v5.6.27-5", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/elasticsearch6-rhel8:v6.8.1-451", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/elasticsearch-operator-bundle:v5.6.27-19", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-534", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/elasticsearch-rhel8-operator:v5.6.27-9", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/eventrouter-rhel8:v0.4.0-333", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/fluentd-rhel8:v1.14.6-232", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/kibana6-rhel8:v6.8.1-472", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-314", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/logging-curator5-rhel8:v5.8.1-544", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/logging-loki-rhel8:v3.2.0-23", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/logging-view-plugin-rhel8:v5.6.27-4", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/loki-operator-bundle:v5.6.27-17", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/loki-rhel8-operator:v5.6.27-6", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/lokistack-gateway-rhel8:v0.1.0-717", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/opa-openshift-rhel8:v0.1.0-334", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2024:10988", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/vector-rhel8:v0.21.0-143", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0329", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/cluster-logging-operator-bundle:v5.8.16-9", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0329", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/cluster-logging-rhel9-operator:v5.8.16-4", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0329", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch6-rhel9:v6.8.1-445", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0329", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch-operator-bundle:v5.8.16-14", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0329", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch-proxy-rhel9:v1.0.0-528", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0329", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch-rhel9-operator:v5.8.16-4", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0329", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/eventrouter-rhel9:v0.4.0-328", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0329", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/fluentd-rhel9:v5.8.16-2", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0329", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-309", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0329", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/logging-curator5-rhel9:v5.8.1-536", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0329", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/logging-loki-rhel9:v3.2.1-22", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0329", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/logging-view-plugin-rhel9:v5.8.16-3", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0329", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/loki-operator-bundle:v5.8.16-13", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0329", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/loki-rhel9-operator:v5.8.16-4", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0329", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/lokistack-gateway-rhel9:v0.1.0-709", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0329", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/opa-openshift-rhel9:v0.1.0-326", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0329", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/vector-rhel9:v0.28.1-83", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-01-15T00:00:00Z"}], "bugzilla": {"description": "dompurify: nesting-based mutation XSS vulnerability", "id": "2318052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-47875", "package_state": [{"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/console-mce-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/multicluster-engine-console-mce-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Not affected", "package_name": "network-observability/network-observability-console-plugin-rhel9", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_node_healthcheck", "fix_state": "Will not fix", "package_name": "workload-availability/node-remediation-console-rhel8", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines-console-plugin-rhel8-container", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp-system-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/console-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-central-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-rhel8-operator", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-roxctl-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-scanner-v4-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "automation-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Will not fix", "package_name": "automation-eda-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "automation-gateway", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh-operator-container", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh/rhdh-hub-rhel9", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Will not fix", "package_name": "odh-dashboard-container", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "odh-operator-container", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/nmstate-console-plugin-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-networking-console-plugin-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/console-plugin-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/gitops-operator-bundle", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-argocd-rhel9-container", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/kubevirt-console-plugin", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/kubevirt-console-plugin-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}], "public_date": "2024-10-11T15:15:05Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-47875\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47875\nhttps://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098\nhttps://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f\nhttps://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a\nhttps://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf"], "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object