KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input that uses `\includegraphics` to run arbitrary JavaScript or to generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.
                
History
02 Sep 2025, 13:28
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770 - Patch | |
| References | () https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h - Third Party Advisory | |
| First Time | Katex Katex katex | |
| CPE | cpe:2.3:a:katex:katex:*:*:*:*:*:*:*:* | |
21 Nov 2024, 09:06
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770 - | |
| References | () https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h - | |
26 Mar 2024, 12:55
| Type | Values Removed | Values Added | 
|---|---|---|
| Summary | | |
25 Mar 2024, 20:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | | |

Information
Published : 2024-03-25 20:15
Updated : 2025-09-02 13:28
NVD link : CVE-2024-28245
Mitre link : CVE-2024-28245
CVE.ORG link : CVE-2024-28245
Products Affected
katex
- katex
CWE
CWE-116: Improper Encoding or Escaping of Output
