The identified library DOMPurify, version 2.4.9, is vulnerable. #1143

kazenguyen97 · 2025-01-20T04:19:33Z

Current Behavior

Description: The identified library DOMPurify, version 2.4.9, is vulnerable.

URL: https://{{URL}}/js/chunk-cbf05c10.eba03501.js

Evidence:
/*! @license DOMPurify 2.4.9

Other Info:
CVE-2024-47875, CVE-2024-45801

References:

Proposed Behavior

Update this JS

Checklist

I have read and understand the contributing guidelines
I have checked the existing issues for whether this enhancement was already requested

The text was updated successfully, but these errors were encountered:

Closes DependencyTrack#1143 Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: nscuro <[email protected]>

kazenguyen97 added the enhancement New feature or request label Jan 20, 2025

nscuro transferred this issue from DependencyTrack/dependency-track Jan 20, 2025

nscuro added this to the 4.12.3 milestone Jan 20, 2025

nscuro added defect Something isn't working and removed enhancement New feature or request labels Jan 20, 2025

nscuro closed this as completed in a75c65b Jan 20, 2025

nscuro mentioned this issue Jan 20, 2025

Backport: Bump dompurify from 2.4.9 to 2.5.8 #1144

Merged

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

The identified library DOMPurify, version 2.4.9, is vulnerable. #1143

The identified library DOMPurify, version 2.4.9, is vulnerable. #1143

kazenguyen97 commented Jan 20, 2025

The identified library DOMPurify, version 2.4.9, is vulnerable. #1143

The identified library DOMPurify, version 2.4.9, is vulnerable. #1143

Comments

kazenguyen97 commented Jan 20, 2025

Current Behavior

Proposed Behavior

Checklist