Skip to main content

Improper Encoding or Escaping of Output


Severity Medium
Score 6.3/10


KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. This issue affects the package katex versions 0.11.0 through 0.16.9.

  • LOW
  • LOW
  • NONE
  • LOW
  • LOW
  • LOW

CWE-116 - Improper Encoding or Escaping of Output

The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

Advisory Timeline

  • Published