Bug 2322949 (CVE-2024-48910) - CVE-2024-48910 dompurify: DOMPurify vulnerable to tampering by prototype pollution
Summary: CVE-2024-48910 dompurify: DOMPurify vulnerable to tampering by prototype poll...
Keywords:
Status: NEW
Alias: CVE-2024-48910
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2024-10-31 15:01 UTC by OSIDB Bzimport
Modified: 2025-06-04 22:59 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2024:10186 | 0 | None | None | None | 2024-11-22 01:07:02 UTC
Red Hat Product Errata | RHSA-2024:9583 | 0 | None | None | None | 2024-11-13 18:01:09 UTC
Red Hat Product Errata | RHSA-2024:9620 | 0 | None | None | None | 2024-11-20 04:18:09 UTC
Red Hat Product Errata | RHSA-2025:0079 | 0 | None | None | None | 2025-01-08 10:04:28 UTC
Red Hat Product Errata | RHSA-2025:0082 | 0 | None | None | None | 2025-01-08 11:31:57 UTC
Red Hat Product Errata | RHSA-2025:0654 | 0 | None | None | None | 2025-01-28 04:29:10 UTC
Red Hat Product Errata | RHSA-2025:0875 | 0 | None | None | None | 2025-02-05 10:49:30 UTC
Red Hat Product Errata | RHSA-2025:8544 | 0 | None | None | None | 2025-06-04 20:11:28 UTC
Red Hat Product Errata | RHSA-2025:8551 | 0 | None | None | None | 2025-06-04 22:59:43 UTC

Description OSIDB Bzimport 2024-10-31 15:01:17 UTC
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2.

Comment 1 errata-xmlrpc 2024-11-13 18:01:06 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Security 4.4

Via RHSA-2024:9583 https://access.redhat.com/errata/RHSA-2024:9583

Comment 2 errata-xmlrpc 2024-11-20 04:18:05 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2024:9620 https://access.redhat.com/errata/RHSA-2024:9620

Comment 3 errata-xmlrpc 2024-11-22 01:06:58 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Security 4.5

Via RHSA-2024:10186 https://access.redhat.com/errata/RHSA-2024:10186

Comment 4 errata-xmlrpc 2025-01-08 10:04:24 UTC
This issue has been addressed in the following products:

  RHODF-4.17-RHEL-9

Via RHSA-2025:0079 https://access.redhat.com/errata/RHSA-2025:0079

Comment 5 errata-xmlrpc 2025-01-08 11:31:53 UTC
This issue has been addressed in the following products:

  RHODF-4.16-RHEL-9

Via RHSA-2025:0082 https://access.redhat.com/errata/RHSA-2025:0082

Comment 7 errata-xmlrpc 2025-01-28 04:29:05 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:0654 https://access.redhat.com/errata/RHSA-2025:0654

Comment 8 errata-xmlrpc 2025-02-05 10:49:26 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:0875 https://access.redhat.com/errata/RHSA-2025:0875

Comment 13 errata-xmlrpc 2025-06-04 20:11:22 UTC
This issue has been addressed in the following products:

  RHODF-4.15-RHEL-9

Via RHSA-2025:8544 https://access.redhat.com/errata/RHSA-2025:8544

Comment 14 errata-xmlrpc 2025-06-04 22:59:37 UTC
This issue has been addressed in the following products:

  RHODF-4.14-RHEL-9

Via RHSA-2025:8551 https://access.redhat.com/errata/RHSA-2025:8551

