CVE-2024-48910 | THREATINT

Description

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2.

PUBLISHED Reserved 2024-10-09 | Published 2024-10-31 | Updated 2025-11-03 | Assigner GitHub_M

CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Product status

< 2.4.2

affected

References

lists.debian.org/debian-lts-announce/2025/02/msg00010.html

github.com/...Purify/security/advisories/GHSA-p3vf-v8qc-cwcr

github.com/...ommit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc

cve.org (CVE-2024-48910)

nvd.nist.gov (CVE-2024-48910)

Download JSON