CVE-2023-39663: Inefficient Regular Expression Complexity

August 29, 2023 (updated November 7, 2023)

Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern.

References

github.com/mathjax/MathJax/issues/3074
nvd.nist.gov/vuln/detail/CVE-2023-39663

Code Behaviors & Features

Detect and mitigate CVE-2023-39663 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →