Inefficient Regular Expression Complexity Affecting grafana package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS9-GRAFANA-7988016
- published 17 Sep 2024
- disclosed 16 Sep 2024
Introduced: 16 Sep 2024
CVE-2024-45801 Open this link in a new tabHow to fix?
There is no fixed version for Centos:9 grafana.
NVD Description
Note: Versions mentioned in the description apply only to the upstream grafana package and not the grafana package as distributed by Centos.
See How to fix? for Centos:9 relevant fixed versions and status.
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability.