Debian Security Advisory 5790-1
Debian Linux Security Advisory 5790-1 - It was discovered that DOMPurify, a sanitizer for HTML, MathML and SVG was susceptible to nesting-based mXSS.
-------------------------------------------------------------------------
Debian Security Advisory DSA-5790-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 13, 2024                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : node-dompurify
CVE ID         : CVE-2024-47875

It was discovered that DOMPurify, a sanitizer for HTML, MathML and SVG was
susceptible to nesting-based mXSS.

For the stable distribution (bookworm), this problem has been fixed in
version 2.4.1+dfsg+~2.4.0-2.

We recommend that you upgrade your node-dompurify packages.

For the detailed security status of node-dompurify please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-dompurify

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
DOMPurify was vulnerable to nesting-based mXSS, fixed by [0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and [merge 943](https://github.com/cure53/DOMPurify/pull/943). Backporters should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking. A PoC is available under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098).