katex@0.16.7 vulnerabilities

Fast math typesetting for the web.

Direct Vulnerabilities

Known vulnerabilities in the katex package. This does not include vulnerabilities belonging to this package’s dependencies.

Severity: M (Medium)

Unchecked Input for Loop Condition

katex is a fast math typesetting library for the web.

Affected versions of this package are vulnerable to Unchecked Input for Loop Condition when handling \def or \newcommand in conjunction with Unicode sub/superscripts. An attacker can cause a near-infinite loop, leading to memory exhaustion, a tied-up main thread, or a stack overflow, because the maxExpand option fails to limit macro expansions effectively in this case.

Note:

This vulnerability is particularly concerning when rendering untrusted mathematical expressions, as it can be used for an availability attack, rendering the service unusable.

How to fix Unchecked Input for Loop Condition?

Upgrade katex to version 0.16.10 or higher.

Vulnerable versions: >=0.15.4 <0.16.10

Severity: M (Medium)

Unchecked Input for Loop Condition

katex is a fast math typesetting library for the web.

Affected versions of this package are vulnerable to Unchecked Input for Loop Condition when handling \edef commands. An attacker can cause a near-infinite loop, leading to memory exhaustion, a tied-up main thread, or a stack overflow, by crafting malicious input that uses \edef to bypass the maxExpand setting designed to prevent such issues.

Note:

This vulnerability is particularly concerning for users who render untrusted mathematical expressions, as it can be exploited to perform an availability attack, rendering the service unusable.

How to fix Unchecked Input for Loop Condition?

Upgrade katex to version 0.16.10 or higher.

Vulnerable versions: >=0.10.0-beta <0.16.10

Severity: M (Medium)

Incomplete List of Disallowed Inputs

katex is a fast math typesetting library for the web.

Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs due to the trust option. Specifically, the trust function's ability to blacklist certain URL protocols can be bypassed by malicious input whose URLs use uppercase characters in the protocol. This allows javascript: links to appear in the output even when the trust function is designed to forbid that protocol.

How to fix Incomplete List of Disallowed Inputs?

Upgrade katex to version 0.16.10 or higher.

Vulnerable versions: >=0.11.0 <0.16.10

Severity: M (Medium)

Improper Encoding or Escaping of Output

katex is a fast math typesetting library for the web.

Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output when handling the \includegraphics command. An attacker can execute arbitrary JavaScript or generate invalid HTML because the filename passed to \includegraphics is not properly escaped.

Note:

This is only exploitable if the trust option is enabled and not configured to restrict the \includegraphics command.

How to fix Improper Encoding or Escaping of Output?

Upgrade katex to version 0.16.10 or higher.

Vulnerable versions: >=0.11.0 <0.16.10
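As an added example for the trust-option and \includegraphics entries above (not code from KaTeX or from this page), here is a defender-side trust callback that allowlists URL protocols case-insensitively and refuses \includegraphics outright; the context shape `{command, url, protocol}` and the `_relative` protocol value are assumed from the KaTeX trust-option documentation, and the sample contexts are constructed, not captured from a real render.

```javascript
// Added example, not code from KaTeX or from this advisory page: a
// defensive `trust` callback for katex.renderToString(). It assumes the
// documented context shape {command, url, protocol} that KaTeX passes to
// `trust` for \href, \url and \includegraphics ("_relative" marks a
// relative URL). It hardens a deployment; it does not replace the upgrade.

// Allowlist instead of denylist: anything not listed is rejected, so a
// protocol spelling the list never anticipated cannot slip through.
const ALLOWED_PROTOCOLS = new Set(["http", "https", "mailto", "_relative"]);

// Commands whose output we accept. \includegraphics is deliberately absent
// because affected versions do not escape its filename.
const ALLOWED_COMMANDS = new Set(["\\href", "\\url"]);

function trustCallback(context) {
  if (!context || !ALLOWED_COMMANDS.has(context.command)) {
    return false; // also covers \htmlClass, \htmlStyle and friends
  }
  // Normalise before comparing: the advisory above reports that a denylist
  // keyed on "javascript" is bypassed when the protocol arrives with
  // uppercase characters, so the comparison is done on the lowercased value.
  const protocol = String(context.protocol ?? "").trim().toLowerCase();
  return ALLOWED_PROTOCOLS.has(protocol);
}

// Options as they would be handed to KaTeX: katex.renderToString(tex, opts).
// maxExpand is left at its default; per the entries above it does not stop
// the \def/\edef loops on affected versions, so upgrading is still required.
const katexOptions = { trust: trustCallback, throwOnError: false };

// Constructed sample contexts (not captured from a real render).
const SAMPLE_CONTEXTS = [
  { command: "\\href", url: "https://example.org/", protocol: "https" },
  { command: "\\url", url: "./notes.html", protocol: "_relative" },
  { command: "\\href", url: "JavaScript:void(0)", protocol: "JavaScript" },
  { command: "\\includegraphics", url: "plot.png", protocol: "_relative" },
];

// Returns {command, protocol, trusted} for each context so a deployment can
// log exactly which untrusted requests were refused.
function evaluateSamples(contexts = SAMPLE_CONTEXTS) {
  return contexts.map((c) => ({
    command: c.command,
    protocol: c.protocol,
    trusted: trustCallback(c),
  }));
}
```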