{ "threat_severity" : "Important", "public_date" : "2024-10-11T15:15:05Z", "bugzilla" : { "description" : "dompurify: nesting-based mutation XSS vulnerability", "id" : "2318052", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2318052" }, "cvss3" : { "cvss3_base_score" : "8.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "status" : "verified" }, "cwe" : "CWE-79", "details" : [ "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.", "A flaw was found in DOMPurify that could allow for a nesting-based mXSS to not be properly sanitized." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-10-22T00:00:00Z", "advisory" : "RHSA-2024:8327", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "grafana-0:9.2.10-20.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-10-30T00:00:00Z", "advisory" : "RHSA-2024:8678", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "grafana-0:9.2.10-19.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9473", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "grafana-0:10.2.6-7.el9_5" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-11-20T00:00:00Z", "advisory" : "RHSA-2024:9620", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-monitoring-plugin-rhel8:v4.14.0-202411130434.p0.gb57ebe7.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-11-13T00:00:00Z", "advisory" : "RHSA-2024:8991", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "openshift4/ose-monitoring-plugin-rhel8:v4.15.0-202411060036.p0.ge40b085.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2024-11-06T00:00:00Z", "advisory" : "RHSA-2024:8683", "cpe" : "cpe:/a:redhat:openshift:4.16::el9", "package" : "openshift4/ose-monitoring-plugin-rhel9:v4.16.0-202410300036.p0.g442ccd1.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.17", "release_date" : "2024-11-13T00:00:00Z", "advisory" : "RHSA-2024:8981", "cpe" : "cpe:/a:redhat:openshift:4.17::el9", "package" : "openshift4/ose-monitoring-plugin-rhel9:v4.17.0-202410300235.p0.g9c9c0a0.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Dev Spaces 3 Containers", "release_date" : "2024-11-25T00:00:00Z", "advisory" : "RHSA-2024:10236", "cpe" : "cpe:/a:redhat:openshift_devspaces:3::el8", "package" : "devspaces/code-rhel8:3.17-19" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date" : "2024-11-14T00:00:00Z", "advisory" : "RHSA-2024:9629", "cpe" : "cpe:/a:redhat:service_mesh:2.5::el8", "package" : "openshift-service-mesh/grafana-rhel8:2.5.6-2" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date" : "2024-11-14T00:00:00Z", "advisory" : "RHSA-2024:9629", "cpe" : "cpe:/a:redhat:service_mesh:2.5::el8", "package" : "openshift-service-mesh/istio-cni-rhel8:2.5.6-3" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date" : "2024-11-14T00:00:00Z", "advisory" : "RHSA-2024:9629", "cpe" : "cpe:/a:redhat:service_mesh:2.5::el8", "package" : "openshift-service-mesh/istio-must-gather-rhel8:2.5.6-2" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date" : "2024-11-14T00:00:00Z", "advisory" : "RHSA-2024:9629", "cpe" : "cpe:/a:redhat:service_mesh:2.5::el8", "package" : "openshift-service-mesh/kiali-ossmc-rhel8:1.73.15-2" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date" : "2024-11-14T00:00:00Z", "advisory" : "RHSA-2024:9629", "cpe" : "cpe:/a:redhat:service_mesh:2.5::el8", "package" : "openshift-service-mesh/kiali-rhel8:1.73.16-2" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date" : "2024-11-14T00:00:00Z", "advisory" : "RHSA-2024:9629", "cpe" : "cpe:/a:redhat:service_mesh:2.5::el8", "package" : "openshift-service-mesh/pilot-rhel8:2.5.6-3" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date" : "2024-11-14T00:00:00Z", "advisory" : "RHSA-2024:9629", "cpe" : "cpe:/a:redhat:service_mesh:2.5::el8", "package" : "openshift-service-mesh/proxyv2-rhel8:2.5.6-4" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date" : "2024-11-14T00:00:00Z", "advisory" : "RHSA-2024:9629", "cpe" : "cpe:/a:redhat:service_mesh:2.5::el8", "package" : "openshift-service-mesh/ratelimit-rhel8:2.5.6-2" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/cluster-logging-operator-bundle:v5.6.27-12" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/cluster-logging-rhel8-operator:v5.6.27-5" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/elasticsearch6-rhel8:v6.8.1-451" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/elasticsearch-operator-bundle:v5.6.27-19" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-534" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/elasticsearch-rhel8-operator:v5.6.27-9" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/eventrouter-rhel8:v0.4.0-333" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/fluentd-rhel8:v1.14.6-232" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/kibana6-rhel8:v6.8.1-472" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-314" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/logging-curator5-rhel8:v5.8.1-544" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/logging-loki-rhel8:v3.2.0-23" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/logging-view-plugin-rhel8:v5.6.27-4" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/loki-operator-bundle:v5.6.27-17" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/loki-rhel8-operator:v5.6.27-6" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/lokistack-gateway-rhel8:v0.1.0-717" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/opa-openshift-rhel8:v0.1.0-334" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2024:10988", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/vector-rhel8:v0.21.0-143" }, { "product_name" : "RHOL-5.8-RHEL-9", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2025:0329", "cpe" : "cpe:/a:redhat:logging:5.8::el9", "package" : "openshift-logging/cluster-logging-operator-bundle:v5.8.16-9" }, { "product_name" : "RHOL-5.8-RHEL-9", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2025:0329", "cpe" : "cpe:/a:redhat:logging:5.8::el9", "package" : "openshift-logging/cluster-logging-rhel9-operator:v5.8.16-4" }, { "product_name" : "RHOL-5.8-RHEL-9", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2025:0329", "cpe" : "cpe:/a:redhat:logging:5.8::el9", "package" : "openshift-logging/elasticsearch6-rhel9:v6.8.1-445" }, { "product_name" : "RHOL-5.8-RHEL-9", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2025:0329", "cpe" : "cpe:/a:redhat:logging:5.8::el9", "package" : "openshift-logging/elasticsearch-operator-bundle:v5.8.16-14" }, { "product_name" : "RHOL-5.8-RHEL-9", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2025:0329", "cpe" : "cpe:/a:redhat:logging:5.8::el9", "package" : "openshift-logging/elasticsearch-proxy-rhel9:v1.0.0-528" }, { "product_name" : "RHOL-5.8-RHEL-9", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2025:0329", "cpe" : "cpe:/a:redhat:logging:5.8::el9", "package" : "openshift-logging/elasticsearch-rhel9-operator:v5.8.16-4" }, { "product_name" : "RHOL-5.8-RHEL-9", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2025:0329", "cpe" : "cpe:/a:redhat:logging:5.8::el9", "package" : "openshift-logging/eventrouter-rhel9:v0.4.0-328" }, { "product_name" : "RHOL-5.8-RHEL-9", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2025:0329", "cpe" : "cpe:/a:redhat:logging:5.8::el9", "package" : "openshift-logging/fluentd-rhel9:v5.8.16-2" }, { "product_name" : "RHOL-5.8-RHEL-9", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2025:0329", "cpe" : "cpe:/a:redhat:logging:5.8::el9", "package" : "openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-309" }, { "product_name" : "RHOL-5.8-RHEL-9", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2025:0329", "cpe" : "cpe:/a:redhat:logging:5.8::el9", "package" : "openshift-logging/logging-curator5-rhel9:v5.8.1-536" }, { "product_name" : "RHOL-5.8-RHEL-9", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2025:0329", "cpe" : "cpe:/a:redhat:logging:5.8::el9", "package" : "openshift-logging/logging-loki-rhel9:v3.2.1-22" }, { "product_name" : "RHOL-5.8-RHEL-9", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2025:0329", "cpe" : "cpe:/a:redhat:logging:5.8::el9", "package" : "openshift-logging/logging-view-plugin-rhel9:v5.8.16-3" }, { "product_name" : "RHOL-5.8-RHEL-9", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2025:0329", "cpe" : "cpe:/a:redhat:logging:5.8::el9", "package" : "openshift-logging/loki-operator-bundle:v5.8.16-13" }, { "product_name" : "RHOL-5.8-RHEL-9", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2025:0329", "cpe" : "cpe:/a:redhat:logging:5.8::el9", "package" : "openshift-logging/loki-rhel9-operator:v5.8.16-4" }, { "product_name" : "RHOL-5.8-RHEL-9", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2025:0329", "cpe" : "cpe:/a:redhat:logging:5.8::el9", "package" : "openshift-logging/lokistack-gateway-rhel9:v0.1.0-709" }, { "product_name" : "RHOL-5.8-RHEL-9", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2025:0329", "cpe" : "cpe:/a:redhat:logging:5.8::el9", "package" : "openshift-logging/opa-openshift-rhel9:v0.1.0-326" }, { "product_name" : "RHOL-5.8-RHEL-9", "release_date" : "2025-01-15T00:00:00Z", "advisory" : "RHSA-2025:0329", "cpe" : "cpe:/a:redhat:logging:5.8::el9", "package" : "openshift-logging/vector-rhel9:v0.28.1-83" } ], "package_state" : [ { "product_name" : "Migration Toolkit for Virtualization", "fix_state" : "Not affected", "package_name" : "migration-toolkit-virtualization/mtv-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Not affected", "package_name" : "multicluster-engine/console-mce-rhel8", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Not affected", "package_name" : "multicluster-engine/multicluster-engine-console-mce-rhel8", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Network Observability Operator", "fix_state" : "Not affected", "package_name" : "network-observability/network-observability-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:network_observ_optr:1" }, { "product_name" : "Node HealthCheck Operator", "fix_state" : "Will not fix", "package_name" : "workload-availability/node-remediation-console-rhel8", "cpe" : "cpe:/a:redhat:workload_availability_nhc:0" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-console-plugin-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp-system-container", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/console-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-central-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-main-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-rhel8-operator", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-roxctl-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-v4-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-controller", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-eda-controller", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-gateway", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Developer Hub", "fix_state" : "Not affected", "package_name" : "rhdh-operator-container", "cpe" : "cpe:/a:redhat:rhdh:1" }, { "product_name" : "Red Hat Developer Hub", "fix_state" : "Not affected", "package_name" : "rhdh/rhdh-hub-rhel9", "cpe" : "cpe:/a:redhat:rhdh:1" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Will not fix", "package_name" : "odh-dashboard-container", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "odh-operator-container", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/nmstate-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-console", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-networking-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/argocd-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/argocd-rhel9", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/console-plugin-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/gitops-operator-bundle", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/kubevirt-console-plugin", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/kubevirt-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-47875\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47875\nhttps://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098\nhttps://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f\nhttps://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a\nhttps://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf" ], "name" : "CVE-2024-47875", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }