Publish GHSA-mmhx-hmjr-r674

2024-09-16 20:38:47 +00:00 · 2024-09-16 20:38:47 +00:00 · 63d782d101
--- a/advisories/github-reviewed/2024/09/GHSA-mmhx-hmjr-r674/GHSA-mmhx-hmjr-r674.json
+++ b/advisories/github-reviewed/2024/09/GHSA-mmhx-hmjr-r674/GHSA-mmhx-hmjr-r674.json
@ -1,12 +1,12 @@
 {
  "schema_version": "1.4.0",
  "id": "GHSA-mmhx-hmjr-r674",
-  "modified": "2024-09-16T20:34:26Z",
+  "modified": "2024-09-16T20:36:52Z",
  "published": "2024-09-16T20:34:26Z",
  "aliases": [
    "CVE-2024-45801"
  ],
-  "summary": "DOMPurify allows tampering by prototype pol;ution",
+  "summary": "DOMPurify allows tampering by prototype pollution",
  "details": "It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check.\n\nThis renders dompurify unable to avoid XSS attack.\n\nFixed by https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21 (3.x branch) and https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc (2.x branch).",
  "severity": [
    {