CVE-2024-36109
CVSS V2 None
CVSS V3 None
Description
CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows `<script>` tags to be included which execute when published. This issue has been addressed in commit `419862a9c9879c`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Overview
- CVE ID
- CVE-2024-36109
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-05-28T18:40:55.068Z
- Last Modified Date
- 2024-06-04T17:47:59.256Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/sagemathinc/cocalc/security/advisories/GHSA-8w44-hggw-p5rf | x_refsource_CONFIRM |
| https://github.com/sagemathinc/cocalc/commit/419862a9c9879c | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-36109 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36109 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 11:03:47 | Added to TrackCVE |