The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade katex
to version 0.16.10 or higher.
katex is a Fast math typesetting for the web.
Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output when handling the \includegraphics
command. An attacker can execute arbitrary JavaScript or generate invalid HTML by exploiting the lack of proper filename escaping in the \includegraphics
command.
Note:
This is only exploitable if the trust
option is enabled or not properly configured to restrict the \includegraphics
commands.
This vulnerability can be mitigated by either avoiding the use of or turning off the trust
option, setting it to forbid \includegraphics
commands, forbidding inputs containing the substring "\\includegraphics"
, or sanitizing HTML output from the package.