VulnerableCode Package Details - pkg:npm/katex@0.15.4

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/katex@0.15.4

Essentials
History (1)

purl	pkg:npm/katex@0.15.4

Next non-vulnerable version	0.16.10
Latest non-vulnerable version	0.16.10
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-ayrg-3d9c-nbe2 Aliases: CVE-2024-28244 GHSA-cvr6-37gx-v8wc	KaTeX's maxExpand bypassed by Unicode sub/superscripts KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow.	0.16.10 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:47:27.169506+00:00	GitLab Importer	Affected by	VCID-ayrg-3d9c-nbe2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/katex/CVE-2024-28244.yml	38.6.0