Arbitrary code injection in json-sanitizer

2021-06-1617:34:18

CWE-611

GitHub Advisory Database

github.com

0.002 Low

EPSS

Percentile

64.4%

JSON

OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.

CPENameOperatorVersion
com.mikesamuel:json-sanitizerlt1.2.2

CPE	Name	Operator	Version
	com.mikesamuel:json-sanitizer	lt	1.2.2

References

github.com/advisories/GHSA-mm8j-9x84-m9cv

github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e

github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2

groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0

nvd.nist.gov/vuln/detail/CVE-2021-23899

0.002 Low

EPSS

Percentile

64.4%

JSON

Related for GHSA-MM8J-9X84-M9CV