Add CVE-2024-47875 for DOMPurify

RetireJS · Oct 11, 2024 · f419da0 · f419da0
1 parent 52983bb
commit f419da0
Show file tree

Hide file tree

Showing 5 changed files with 220 additions and 0 deletions.
diff --git a/repository/jsrepository-master.json b/repository/jsrepository-master.json
@@ -3177,6 +3177,34 @@
     "bowername": ["dompurify", "DOMPurify"],
     "npmname": "dompurify",
     "vulnerabilities": [
+      {
+        "ranges": [
+          {
+            "atOrAbove": "0",
+            "below": "2.5.0"
+          },
+          {
+            "atOrAbove": "3.0.0",
+            "below": "3.1.3"
+          }
+        ],
+        "summary": "DOMpurify has a nesting-based mXSS",
+        "cwe": ["CWE-79"],
+        "severity": "high",
+        "identifiers": {
+          "CVE": ["CVE-2024-47875"],
+          "githubID": "GHSA-gx9m-whjm-85jf"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-gx9m-whjm-85jf",
+          "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-47875",
+          "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
+          "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
+          "https://github.com/cure53/DOMPurify",
+          "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
+        ]
+      },
       {
         "ranges": [
           {

diff --git a/repository/jsrepository-v2.json b/repository/jsrepository-v2.json
@@ -4471,6 +4471,30 @@
           "https://github.com/cure53/DOMPurify/releases"
         ]
       },
+      {
+        "atOrAbove": "0",
+        "below": "2.5.0",
+        "cwe": [
+          "CWE-79"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "DOMpurify has a nesting-based mXSS",
+          "CVE": [
+            "CVE-2024-47875"
+          ],
+          "githubID": "GHSA-gx9m-whjm-85jf"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-gx9m-whjm-85jf",
+          "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-47875",
+          "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
+          "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
+          "https://github.com/cure53/DOMPurify",
+          "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
+        ]
+      },
       {
         "atOrAbove": "0",
         "below": "2.5.4",
@@ -4495,6 +4519,30 @@
           "https://github.com/cure53/DOMPurify"
         ]
       },
+      {
+        "atOrAbove": "3.0.0",
+        "below": "3.1.3",
+        "cwe": [
+          "CWE-79"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "DOMpurify has a nesting-based mXSS",
+          "CVE": [
+            "CVE-2024-47875"
+          ],
+          "githubID": "GHSA-gx9m-whjm-85jf"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-gx9m-whjm-85jf",
+          "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-47875",
+          "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
+          "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
+          "https://github.com/cure53/DOMPurify",
+          "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
+        ]
+      },
       {
         "atOrAbove": "3.0.0",
         "below": "3.1.3",

diff --git a/repository/jsrepository-v3.json b/repository/jsrepository-v3.json
@@ -4568,6 +4568,30 @@
             "https://github.com/cure53/DOMPurify/releases"
           ]
         },
+        {
+          "atOrAbove": "0",
+          "below": "2.5.0",
+          "cwe": [
+            "CWE-79"
+          ],
+          "severity": "high",
+          "identifiers": {
+            "summary": "DOMpurify has a nesting-based mXSS",
+            "CVE": [
+              "CVE-2024-47875"
+            ],
+            "githubID": "GHSA-gx9m-whjm-85jf"
+          },
+          "info": [
+            "https://github.com/advisories/GHSA-gx9m-whjm-85jf",
+            "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
+            "https://nvd.nist.gov/vuln/detail/CVE-2024-47875",
+            "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
+            "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
+            "https://github.com/cure53/DOMPurify",
+            "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
+          ]
+        },
         {
           "atOrAbove": "0",
           "below": "2.5.4",
@@ -4592,6 +4616,30 @@
             "https://github.com/cure53/DOMPurify"
           ]
         },
+        {
+          "atOrAbove": "3.0.0",
+          "below": "3.1.3",
+          "cwe": [
+            "CWE-79"
+          ],
+          "severity": "high",
+          "identifiers": {
+            "summary": "DOMpurify has a nesting-based mXSS",
+            "CVE": [
+              "CVE-2024-47875"
+            ],
+            "githubID": "GHSA-gx9m-whjm-85jf"
+          },
+          "info": [
+            "https://github.com/advisories/GHSA-gx9m-whjm-85jf",
+            "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
+            "https://nvd.nist.gov/vuln/detail/CVE-2024-47875",
+            "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
+            "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
+            "https://github.com/cure53/DOMPurify",
+            "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
+          ]
+        },
         {
           "atOrAbove": "3.0.0",
           "below": "3.1.3",

diff --git a/repository/jsrepository-v4.json b/repository/jsrepository-v4.json
@@ -4567,6 +4567,30 @@
           "https://github.com/cure53/DOMPurify/releases"
         ]
       },
+      {
+        "atOrAbove": "0",
+        "below": "2.5.0",
+        "cwe": [
+          "CWE-79"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "DOMpurify has a nesting-based mXSS",
+          "CVE": [
+            "CVE-2024-47875"
+          ],
+          "githubID": "GHSA-gx9m-whjm-85jf"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-gx9m-whjm-85jf",
+          "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-47875",
+          "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
+          "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
+          "https://github.com/cure53/DOMPurify",
+          "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
+        ]
+      },
       {
         "atOrAbove": "0",
         "below": "2.5.4",
@@ -4591,6 +4615,30 @@
           "https://github.com/cure53/DOMPurify"
         ]
       },
+      {
+        "atOrAbove": "3.0.0",
+        "below": "3.1.3",
+        "cwe": [
+          "CWE-79"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "DOMpurify has a nesting-based mXSS",
+          "CVE": [
+            "CVE-2024-47875"
+          ],
+          "githubID": "GHSA-gx9m-whjm-85jf"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-gx9m-whjm-85jf",
+          "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-47875",
+          "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
+          "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
+          "https://github.com/cure53/DOMPurify",
+          "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
+        ]
+      },
       {
         "atOrAbove": "3.0.0",
         "below": "3.1.3",

diff --git a/repository/jsrepository.json b/repository/jsrepository.json
@@ -4435,6 +4435,30 @@
           "https://github.com/cure53/DOMPurify/releases"
         ]
       },
+      {
+        "atOrAbove": "0",
+        "below": "2.5.0",
+        "cwe": [
+          "CWE-79"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "DOMpurify has a nesting-based mXSS",
+          "CVE": [
+            "CVE-2024-47875"
+          ],
+          "githubID": "GHSA-gx9m-whjm-85jf"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-gx9m-whjm-85jf",
+          "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-47875",
+          "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
+          "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
+          "https://github.com/cure53/DOMPurify",
+          "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
+        ]
+      },
       {
         "atOrAbove": "0",
         "below": "2.5.4",
@@ -4459,6 +4483,30 @@
           "https://github.com/cure53/DOMPurify"
         ]
       },
+      {
+        "atOrAbove": "3.0.0",
+        "below": "3.1.3",
+        "cwe": [
+          "CWE-79"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "DOMpurify has a nesting-based mXSS",
+          "CVE": [
+            "CVE-2024-47875"
+          ],
+          "githubID": "GHSA-gx9m-whjm-85jf"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-gx9m-whjm-85jf",
+          "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-47875",
+          "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
+          "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
+          "https://github.com/cure53/DOMPurify",
+          "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
+        ]
+      },
       {
         "atOrAbove": "3.0.0",
         "below": "3.1.3",