All the vulnerabilities related to the version 1.1.39 of the package
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols
Code that uses KaTeX's trust option, specifically that provides a function to block-list certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate javascript: links in the output, even if the trust function tries to forbid this protocol via trust: (context) => context.protocol !== 'javascript'.
Upgrade to KaTeX v0.16.10 to remove this vulnerability.
trust function.context.protocol via context.protocol.toLowerCase() before attempting to check for certain protocols.trust option.KaTeX did not normalize the protocol entry of the context object provided to a user-specified trust-function, so it could be a mix of lowercase and/or uppercase letters.
It is generally better to allow-list by protocol, in which case this would normally not be an issue. But in some cases, you might want to block-list, and the KaTeX documentation even provides such an example:
Allow all commands but forbid specific protocol:
trust: (context) => context.protocol !== 'file'
Currently KaTeX internally sees file: and File: URLs as different protocols, so context.protocol can be file or File, so the above check does not suffice. A simple workaround would be:
trust: (context) => context.protocol.toLowerCase() !== 'file'
Most URL parsers normalize the scheme to lowercase. For example, RFC3986 says:
Although schemes are case-insensitive, the canonical form is lowercase and documents that specify schemes must do so with lowercase letters. An implementation should accept uppercase letters as equivalent to lowercase in scheme names (e.g., allow "HTTP" as well as "http") for the sake of robustness but should only produce lowercase scheme names for consistency.
KaTeX's maxExpand bypassed by \edef
KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow.
Upgrade to KaTeX v0.16.10 to remove this vulnerability.
Forbid inputs containing the substring "\\edef" before passing them to KaTeX.
(There is no easy workaround for the auto-render extension.)
KaTeX supports an option named maxExpand which prevents infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. However, what counted as an "expansion" is a single macro expanding to any number of tokens. The expand-and-define TeX command \edef can be used to build up an exponential number of tokens using only a linear number of expansions according to this definition, e.g. by repeatedly doubling the previous definition. This has been corrected in KaTeX v0.16.10, where every expanded token in an \edef counts as an expansion.
If you have any questions or comments about this advisory:
KaTeX's \includegraphics does not escape filename
KaTeX users who render untrusted mathematical expressions could encounter malicious input using \includegraphics that runs arbitrary JavaScript, or generate invalid HTML.
Upgrade to KaTeX v0.16.10 to remove this vulnerability.
trust option, or set it to forbid \includegraphics commands."\\includegraphics".\includegraphics did not properly quote its filename argument, allowing it to generate invalid or malicious HTML that runs scripts.
If you have any questions or comments about this advisory:
KaTeX \htmlData does not validate attribute names
KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML.
Upgrade to KaTeX v0.16.21 to remove this vulnerability.
trust option, or set it to forbid \htmlData commands."\\htmlData".\htmlData did not validate its attribute name argument, allowing it to generate invalid or malicious HTML that runs scripts.
If you have any questions or comments about this advisory:
esbuild enables any website to send any requests to the development server and read the response
esbuild allows any websites to send any request to the development server and read the response due to default CORS settings.
esbuild sets Access-Control-Allow-Origin: * header to all requests, including the SSE connection, which allows any websites to send any request to the development server and read the response.
https://github.com/evanw/esbuild/blob/df815ac27b84f8b34374c9182a93c94718f8a630/pkg/api/serve_other.go#L121 https://github.com/evanw/esbuild/blob/df815ac27b84f8b34374c9182a93c94718f8a630/pkg/api/serve_other.go#L363
Attack scenario:
http://malicious.example.com).fetch('http://127.0.0.1:8000/main.js') request by JS in that malicious web page. This request is normally blocked by same-origin policy, but that's not the case for the reasons above.http://127.0.0.1:8000/main.js.In this scenario, I assumed that the attacker knows the URL of the bundle output file name. But the attacker can also get that information by
/index.html: normally you have a script tag here/assets: it's common to have a assets directory when you have JS files and CSS files in a different directory and the directory listing feature tells the attacker the list of files/esbuild SSE endpoint: the SSE endpoint sends the URL path of the changed files when the file is changed (new EventSource('/esbuild').addEventListener('change', e => console.log(e.type, e.data)))The scenario above fetches the compiled content, but if the victim has the source map option enabled, the attacker can also get the non-compiled content by fetching the source map file.
npm inpm run watchfetch('http://127.0.0.1:8000/app.js').then(r => r.text()).then(content => console.log(content)) in a different website's dev tools.Users using the serve feature may get the source code stolen by malicious websites.
Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups
When using Babel to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement pattern strings (i.e. the second argument passed to .replace).
Your generated code is vulnerable if all the following conditions are true:
.replace method on a regular expression that contains named capturing groups.replaceIf you are using @babel/preset-env with the targets option, the transform that injects the vulnerable code is automatically enabled if:
You can verify what transforms @babel/preset-env is using by enabling the debug option.
This problem has been fixed in @babel/helpers and @babel/runtime 7.26.10 and 8.0.0-alpha.17, please upgrade. It's likely that you do not directly depend on @babel/helpers, and instead you depend on @babel/core (which itself depends on @babel/helpers). Upgrading to @babel/core 7.26.10 is not required, but it guarantees that you are on a new enough @babel/helpers version.
Please note that just updating your Babel dependencies is not enough: you will also need to re-compile your code.
If you are passing user-provided strings as the second argument of .replace on regular expressions that contain named capturing groups, validate the input and make sure it does not contain the substring $< if it's then not followed by > (possibly with other characters in between).
This vulnerability was reported and fixed in https://github.com/babel/babel/pull/17173.
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.