CVE-2024-48910

DOMPurify vulnerable to tampering by prototype polution

Description

dompurify was vulnerable to prototype pollution

Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

9.1

Severity

Critical

Ecosystem

JavaScript

Publish Date

October 31, 2024

Modified Date

November 3, 2025

Score Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Versions