CVE-2024-28243: KaTeX's maxExpand bypassed by `\edef`

March 25, 2024

KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user’s KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow.

References

github.com/KaTeX/KaTeX
github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34
github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w
github.com/advisories/GHSA-64fm-8hw2-v72w
nvd.nist.gov/vuln/detail/CVE-2024-28243

Code Behaviors & Features

Detect and mitigate CVE-2024-28243 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →