pkg:Debian/node-dompurify

All known vulnerabilities

• CRITICAL10.0CVE-2024-47875node-dompurify - security update
  from 0, < 2.4.1+dfsg+~2.4.0-2
• CRITICAL10.0CVE-2024-47875node-dompurify - security update
  from 0, < 2.4.1+dfsg+~2.4.0-2
• CRITICAL9.1CVE-2024-48910DOMPurify vulnerable to tampering by prototype polution
  from 0, < 2.4.1+dfsg+~2.4.0-2+deb12u1
• HIGH7.5In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory.
  from 0
• HIGH7.0DOMPurify allows tampering by prototype pollution
  from 0, < 2.4.1+dfsg+~2.4.0-2+deb12u1
• MEDIUM6.9DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback
  from 0
• MEDIUM6.8DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode
  from 0
• MEDIUM6.1DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)
  from 0
• MEDIUM6.1DOMPurify contains a Cross-site Scripting vulnerability
  from 0
• MEDIUM6.1DOMPurify contains a Cross-site Scripting vulnerability
  from 0
• MEDIUM4.5DOMPurify allows Cross-site Scripting (XSS)
  from 0