DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 06 Jun 2025 21:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_data_foundation:4.14::el9
cpe:/a:redhat:openshift_data_foundation:4.15::el9

Thu, 13 Feb 2025 00:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Data Foundation
CPEs cpe:/a:redhat:openshift:4.17::el9
cpe:/a:redhat:openshift_data_foundation:4.16::el9
cpe:/a:redhat:openshift_data_foundation:4.17::el9
Vendors & Products Redhat openshift Data Foundation

Mon, 02 Dec 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:advanced_cluster_security:4.5::el8

Fri, 22 Nov 2024 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift
CPEs cpe:/a:redhat:openshift:4.14::el8
Vendors & Products Redhat openshift

Thu, 14 Nov 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat advanced Cluster Security
CPEs cpe:/a:redhat:advanced_cluster_security:4.4::el8
Vendors & Products Redhat
Redhat advanced Cluster Security

Fri, 01 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Thu, 31 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Cure53
Cure53 dompurify
CPEs cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*
Vendors & Products Cure53
Cure53 dompurify
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 31 Oct 2024 14:30:00 +0000

Type Values Removed Values Added
Description DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2.
Title DOMPurify vulnerable to tampering by prototype polution
Weaknesses CWE-1321
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-10-31T15:55:39.716Z

Reserved: 2024-10-09T22:06:46.171Z

Link: CVE-2024-48910

cve-icon Vulnrichment

Updated: 2024-10-31T15:54:01.854Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-31T15:15:15.720

Modified: 2025-09-23T02:01:59.903

Link: CVE-2024-48910

cve-icon Redhat

Severity : Important

Publid Date: 2024-10-31T14:22:52Z

Links: CVE-2024-48910 - Bugzilla

cve-icon OpenCVE Enrichment

No data.