Vulnerability/
REDHAT-BUG-2322949

REDHAT-BUG-2322949: XSS

Q: What is the severity of REDHAT-BUG-2322949?

The vulnerability REDHAT-BUG-2322949 is classified as a moderate severity issue due to the risk of prototype pollution.

Q: How do I fix REDHAT-BUG-2322949?

To fix the vulnerability REDHAT-BUG-2322949, upgrade DOMPurify to version 2.4.2 or later.

Q: Who is affected by REDHAT-BUG-2322949?

Any application using DOMPurify versions prior to 2.4.2 is affected by the vulnerability REDHAT-BUG-2322949.

Q: What types of applications are impacted by REDHAT-BUG-2322949?

Web applications that utilize DOMPurify for sanitizing HTML, MathML, or SVG content are impacted by REDHAT-BUG-2322949.

Q: What does prototype pollution mean in the context of REDHAT-BUG-2322949?

Prototype pollution in REDHAT-BUG-2322949 refers to an attacker’s ability to manipulate the prototype of existing objects, potentially leading to unexpected behavior.

Published Oct 31, 2024

Updated

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2.

Affected Software

1 affected component

DOMPurify DOMPurify<2.4.2

Event History

Oct 31, 2024

Data Sourced

via Red Hat·03:01 PM

DescriptionSeverityAffected Software

Frequently Asked Questions

What is the severity of REDHAT-BUG-2322949?

The vulnerability REDHAT-BUG-2322949 is classified as a moderate severity issue due to the risk of prototype pollution.

How do I fix REDHAT-BUG-2322949?

To fix the vulnerability REDHAT-BUG-2322949, upgrade DOMPurify to version 2.4.2 or later.

Who is affected by REDHAT-BUG-2322949?

Any application using DOMPurify versions prior to 2.4.2 is affected by the vulnerability REDHAT-BUG-2322949.

What types of applications are impacted by REDHAT-BUG-2322949?

Web applications that utilize DOMPurify for sanitizing HTML, MathML, or SVG content are impacted by REDHAT-BUG-2322949.

What does prototype pollution mean in the context of REDHAT-BUG-2322949?

Prototype pollution in REDHAT-BUG-2322949 refers to an attacker’s ability to manipulate the prototype of existing objects, potentially leading to unexpected behavior.

Security Metrics

Risk Score32

Severityhigh(7)

CWE

Timeline

PublishedOct 31, 2024

Updated

References

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.