Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2023-39663

Published: 29 August 2023

** DISPUTED ** Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk.

Notes

AuthorNote
alexmurray
Upstream dispute this CVE since these components are internal
to MathJax.js and cannot be influenced by a user / attacker so there is no
way to abuse this as a ReDoS

Priority

Negligible

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package Release Status
mathjax
Launchpad, Ubuntu, Debian
bionic Ignored
(not a vulnerability)
focal Ignored
(not a vulnerability)
jammy Ignored
(not a vulnerability)
lunar Ignored
(end of life, was ignored [not a vulnerability])
trusty Ignored
(not a vulnerability)
upstream Needs triage

xenial Ignored
(not a vulnerability)

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H