AUTHOR: Eric Eastwood

Gitter is a communication product for communities and teams on GitHub. Find out more at gitter.im.


Gitter XSS Crypto Mining Security Issue Notification

Issue Summary

An XSS exploit in our KaTeX parser was used to embed a JavaScript crypto miner in clients via an exploitative message. The exploitative message was spread across 25 rooms, and 146 users read those messages. The messages were available for about 1 hour (minutes after being reported) before being cleaned up across the board.

User Remediation Steps

To check if you are affected, open up the devtools (right-click on the page -> Inspect element)…
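The remediation step above amounts to inspecting the running page for script that should not be there. The following is an added example, not code from Gitter or from this notification, of how such an inspection can be made systematic: every `<script>` element is resolved against the page URL and compared with an allowlist of expected origins, and anything inline, non-HTTP, or from an unlisted origin is reported for review. The allowlist origins (`app.example`, `cdn.example`), the page URL and the sample script list are constructed for the example; the `miner.invalid` entry stands in for an injected miner loader and is not a real indicator from the incident.

```javascript
// Added example (not Gitter's code): flag <script> elements whose origin is not
// on an allowlist, so an injected script such as a crypto miner stands out.
// The classification is a pure function so it runs in Node for testing and in
// a browser console against the live document.

// Constructed allowlist: the origins this hypothetical page legitimately loads
// scripts from. A real deployment would list its own app host and CDN.
const ALLOWED_ORIGINS = ['https://app.example', 'https://cdn.example'];

// Classify one script descriptor ({ src: rawAttributeValue } or { src: '' } for
// an inline script). Returns { src, inline, suspicious, reason }.
function classifyScript(script, pageUrl, allowedOrigins) {
  if (!script.src) {
    // Inline code has no origin to allowlist; it always goes to review.
    return { src: null, inline: true, suspicious: true, reason: 'inline script' };
  }
  let url;
  try {
    // Relative src values ("/js/app.js") resolve against the page URL.
    url = new URL(script.src, pageUrl);
  } catch (e) {
    return { src: script.src, inline: false, suspicious: true, reason: 'unparseable src' };
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    // data:, blob:, javascript: and similar schemes cannot be vetted by origin.
    return { src: url.href, inline: false, suspicious: true, reason: `non-http scheme ${url.protocol}` };
  }
  const allowed = allowedOrigins.includes(url.origin);
  return {
    src: url.href,
    inline: false,
    suspicious: !allowed,
    reason: allowed ? 'allowed origin' : `unexpected origin ${url.origin}`,
  };
}

// Return only the entries that need a human look, in document order.
function findSuspiciousScripts(scripts, pageUrl, allowedOrigins = ALLOWED_ORIGINS) {
  return scripts
    .map((s) => classifyScript(s, pageUrl, allowedOrigins))
    .filter((r) => r.suspicious);
}

// Browser side: turn document.scripts into the plain descriptors above.
function collectPageScripts(doc) {
  return Array.from(doc.scripts).map((el) => ({ src: el.getAttribute('src') || '' }));
}

// Constructed sample of what a page might contain. The third entry models an
// injected loader; "miner.invalid" is a reserved name, not a real indicator.
const SAMPLE_SCRIPTS = [
  { src: '/js/app.js' },
  { src: 'https://cdn.example/katex.min.js' },
  { src: 'https://miner.invalid/loader.js' },
  { src: '' },
];

if (typeof document === 'undefined') {
  // Node: run against the constructed sample.
  console.log(findSuspiciousScripts(SAMPLE_SCRIPTS, 'https://app.example/room'));
} else {
  // Browser console: run against the live page.
  console.log(findSuspiciousScripts(collectPageScripts(document), location.href));
}
```

Inline scripts are reported unconditionally because an origin allowlist says nothing about them; on most real pages that means the output is a short review list rather than a verdict, and the reviewer compares it against the scripts the application is known to ship. Pasting the block into the browser devtools console prints the same list for the current page.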