OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
CPE | Name | Operator | Version |
---|---|---|---|
com.mikesamuel:json-sanitizer | lt | 1.2.2 |