Jupenur

**Name of the Vulnerable Software and Affected Versions** KaTeX versions prior to 0.16.10 **Description** KaTeX is a JavaScript library for TeX math rendering on the web. Users who render untrusted mathematical expressions could encounter malicious input using `def` or ` ewcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX supports an option named `maxExpand` which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, support for Unicode (sub|super)script characters allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. **Recommendations** Upgrade to KaTeX v0.16.10 to remove this vulnerability. As a temporary workaround, consider forbidding inputs containing any of the characters `₊₋₌₍₎₀₁₂₃₄₅₆₇₈₉ₐₑₕᵢⱼₖₗₘₙₒₚᵣₛₜᵤᵥₓᵦᵧᵨᵩᵪ⁺⁻⁼⁽⁾⁰¹²³⁴⁵⁶⁷⁸⁹ᵃᵇᶜᵈᵉᵍʰⁱʲᵏˡᵐⁿᵒᵖʳˢᵗᵘʷˣʸᶻᵛᵝᵞᵟᵠᵡ` before passing them to KaTeX.

**Name of the Vulnerable Software and Affected Versions** KaTeX versions prior to 0.16.10 **Description** KaTeX is a JavaScript library for TeX math rendering on the web. Users who render untrusted mathematical expressions could encounter malicious input using `edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. **Recommendations** Upgrade to KaTeX v0.16.10 to remove this vulnerability. Forbid inputs containing the substring `"edef"` before passing them to KaTeX. As a temporary workaround, consider restricting the use of the `edef` command in KaTeX until a patch is available.

**Name of the Vulnerable Software and Affected Versions** @actions/core versions prior to v1.9.1 **Description** The `core.exportVariable` function uses a well-known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values to the `GITHUB ENV` file may cause the path or other environment variables to be modified without the intention of the workflow or action author. **Recommendations** For versions prior to v1.9.1, upgrade to `@actions/core v1.9.1`. If you are unable to upgrade the `@actions/core` package, modify your action to ensure that any user input does not contain the delimiter ` GitHubActionsFileCommandDelimeter ` before calling `core.exportVariable`.

**Name of the Vulnerable Software and Affected Versions** graphql-go versions prior to 1.3.0 **Description** The issue is a DoS vulnerability due to a bug in the library that allows an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows, potentially compromising the server's ability to serve data. This issue only occurs when using the `graphql.MaxDepth` option in the schema. **Recommendations** For versions prior to 1.3.0, the best workaround is to patch to a version greater than or equal to `v1.3.0`. Otherwise, the only workaround in versions prior to `v1.3.0` is to disable the `graphql.MaxDepth` option from your schema, although this could potentially create opportunities for other attacks.

**Name of the Vulnerable Software and Affected Versions** goxmldsig versions prior to 1.1.0 **Description** The issue allows an attacker to bypass signature validation with a carefully crafted XML file, making it possible to pass off an altered file as a signed one. This is due to the behavior of encoding/xml, which can cause XML Digital Signature validation to be entirely bypassed. **Recommendations** For goxmldsig versions prior to 1.1.0, upgrade to at least version 1.1.0 to resolve the issue. As a temporary workaround, consider restricting the use of the `encoding/xml` module until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 41.0 **Description** The issue allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site when reader mode is enabled. This can be exploited by a remote attacker to manipulate the content of the window using a specially formed website, which is related to errors in security settings. **Recommendations** For versions prior to 41.0, update to version 41.0 or later to resolve the issue. As a temporary workaround, consider disabling the reader mode until a patch is available. Restrict access to crafted web sites to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 29.0 on Android **Description** The issue allows remote attackers to spoof the address bar via crafted JavaScript code. This is achieved by using DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen. **Recommendations** For versions prior to 29.0 on Android, update to version 29.0 or later to resolve the issue.