GHSA-qwj6-q94f-8425: MathLive's Lack of Escaping of HTML allows for XSS
MathLive renders normal text as LaTeX expressions, which prevents XSS. However, the library also provides users with commands that may modify HTML, such as the \htmlData command, and the lack of escaping in these commands leads to XSS.
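The bug class described above, as an added JavaScript sketch that is not MathLive's code: it assumes the \htmlData argument is a comma-separated list of key=value pairs emitted as data-* attributes, and every function name and the sample input are hypothetical. It puts unescaped attribute construction beside an escaped version.

```javascript
// Added illustration; not MathLive source. Assumption: the \htmlData argument
// is a comma-separated list of key=value pairs that become data-* attributes.

// Entity-encode every character that can end an attribute value or open a tag.
function escapeAttr(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => `&#${ch.charCodeAt(0)};`);
}

// Parse "k=v, k2=v2" into [key, value] pairs (hypothetical helper).
function parsePairs(arg) {
  return arg
    .split(",")
    .map((pair) => {
      const eq = pair.indexOf("=");
      return eq < 0
        ? [pair.trim(), ""]
        : [pair.slice(0, eq).trim(), pair.slice(eq + 1).trim()];
    })
    .filter(([key]) => key.length > 0);
}

// "Before": key and value are concatenated into markup unchanged.
function renderUnescaped(arg, body) {
  const attrs = parsePairs(arg).map(([k, v]) => ` data-${k}="${v}"`).join("");
  return `<span${attrs}>${body}</span>`;
}

// "After": keys must match a safe name pattern, values are entity-encoded.
// The body is treated as plain text in this sketch.
function renderEscaped(arg, body) {
  const attrs = parsePairs(arg)
    .filter(([k]) => /^[A-Za-z][A-Za-z0-9_-]*$/.test(k))
    .map(([k, v]) => ` data-${k}="${escapeAttr(v)}"`)
    .join("");
  return `<span${attrs}>${escapeAttr(body)}</span>`;
}

// Constructed input: a value carrying a double quote and angle brackets.
const SAMPLE = 'id=a"><b>marker</b><span x="';
```

With the constructed sample, renderUnescaped lets the value close the attribute and add new elements, while renderEscaped keeps the whole value inside data-id.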