VDB
CVE-2024-28246
CVE-2024-28246
PUBLISHED
CVSS 5.5 MEDIUM
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols
EPSS 0.06% · 18.0th percentile
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
EPSS Score
0.06%
18.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| KaTeX | KaTeX | * |
| npm | katex | 0.11.0 |
| katex | katex | 0.11.0 |
Exploit Intelligence
Timeline
- Jan 21, 1970 Security Advisory
- Mar 25, 2024 CVE Published
- Mar 26, 2024 EPSS Score
- Apr 21, 2024 EPSS Score
- May 16, 2024 EPSS Score
- Jun 11, 2024 EPSS Score
- Jul 7, 2024 EPSS Score
- Aug 1, 2024 EPSS Score
- Aug 27, 2024 EPSS Score
- Sep 22, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 17, 2024 EPSS Score