[BUG] CVE-2024-53382 in PrismJS 1.27.0 (OpenSearch Dashboards) #9526

Open
hasselg opened this issue Mar 10, 2025 · 2 comments
Labels: bug, untriaged

hasselg commented Mar 10, 2025

OpenSearch Dashboards looks to be using PrismJS 1.27.0, which is vulnerable to CVE-2024-53382. Versions >= 1.30.0 of PrismJS should not be vulnerable.

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-53382
Ref: PrismJS/prism#3864
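
A lockfile check for the version boundary stated in this report, added here as an example; it is not part of the issue thread or of the OpenSearch Dashboards code base. It assumes a yarn v1 lockfile, and `findPrismVersions`, `isBelowFixed` and the sample lockfile text are constructed for illustration.

```javascript
// Added example: flag prismjs entries in a yarn.lock (v1) resolving below 1.30.0.
const FIXED = [1, 30, 0]; // first version the report names as not vulnerable

// Constructed sample lockfile text, not taken from OpenSearch Dashboards.
const SAMPLE_LOCK = `
"@types/prismjs@^1.26.0":
  version "1.26.3"

prismjs@^1.22.0, prismjs@~1.27.0:
  version "1.27.0"

prismjs@^1.30.0:
  version "1.30.0"
`;

// True when `version` sorts below FIXED. Unparseable strings return true so
// they get a manual look instead of passing silently.
function isBelowFixed(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?$/.exec(version);
  if (!m) return true;
  const parts = [m[1], m[2], m[3]].map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return Boolean(m[4]); // a pre-release of 1.30.0 sorts below 1.30.0
}

// "prismjs@^1.22.0" -> "prismjs"; "@types/prismjs@^1.26.0" -> "@types/prismjs"
function packageName(spec) {
  const at = spec.lastIndexOf("@");
  return at > 0 ? spec.slice(0, at) : spec;
}

// Return one record per resolved prismjs entry in the lockfile text.
function findPrismVersions(lockText) {
  const results = [];
  let specs = null; // requested ranges of the prismjs entry being read
  for (const line of lockText.split(/\r?\n/)) {
    if (/^[^\s#].*:$/.test(line)) { // unindented "a@x, a@y:" entry header
      const all = line.slice(0, -1).split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      specs = all.some((s) => packageName(s) === "prismjs") ? all : null;
    } else if (specs) {
      const m = /^ {2}version "([^"]+)"/.exec(line); // entry's own version line
      if (m) results.push({ specs, version: m[1], vulnerable: isBelowFixed(m[1]) });
    }
  }
  return results;
}
```

Each record lists every requested range that resolved to the flagged version, which shows whether a direct dependency or a transitive one is holding the old release in place.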

hasselg added the bug and untriaged labels Mar 10, 2025
hasselg changed the title from "[BUG] CVE-2024-53382 in PrismJS 1.27.0" to "[BUG] CVE-2024-53382 in PrismJS 1.27.0 (OpenSearch Dashboards)" Mar 10, 2025

derek-ho (Contributor) commented

@opensearch-project/triage can this be moved to OpenSearch dashboards repo?

gaiksaya transferred this issue from opensearch-project/security Mar 11, 2025

kkhatua (Member) commented Mar 11, 2025

This seems to be of moderate severity (4.9).
@ashwin-pc can this be marked for 3.0.0?
