Lucene search
PRIOn knowledge basePRION:CVE-2024-21501HistoryFeb 24, 2024 - 5:15 a.m.
Design/Logic Flaw
2024-02-2405:15:00
PRIOn knowledge base
www.prio-n.com
4
sanitize-html
information exposure
backend
style attribute
file system
enumeration
vulnerability
attacker
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.
References
gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf
github.com/apostrophecms/apostrophe/discussions/4436
github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4
github.com/apostrophecms/sanitize-html/pull/650
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557
security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334
Related
debiancve
debiancve
CVE-2024-21501
2024-02-24 05:15:44
openvas
openvas
Fedora: Security Advisory for glances (FEDORA-2024-b8e474fbd3)
2024-06-07 00:00:00
Fedora: Security Advisory for glances (FEDORA-2024-af1f06c79c)
2024-06-07 00:00:00
cve
cve
CVE-2024-21501
2024-02-24 05:15:44
ubuntucve
ubuntucve
CVE-2024-21501
2024-02-24 00:00:00
nessus
nessus
Fedora 40 : glances (2024-b8e474fbd3)
2024-06-02 00:00:00
Fedora 39 : glances (2024-af1f06c79c)
2024-06-02 00:00:00
osv
osv
sanitize-html Information Exposure vulnerability
2024-02-24 06:30:17
CVE-2024-21501
2024-02-24 05:15:44
veracode
veracode
Information Exposure
2024-02-26 05:54:55
fedora
fedora
[SECURITY] Fedora 39 Update: glances-4.0.5-2.fc39
2024-06-02 03:39:37
[SECURITY] Fedora 40 Update: glances-4.0.5-2.fc40
2024-06-02 01:23:02
redhatcve
redhatcve
CVE-2024-21501
2024-02-26 18:31:49
cvelist
cvelist
CVE-2024-21501
2024-02-24 05:00:02
nvd
nvd
CVE-2024-21501
2024-02-24 05:15:44
github
github
sanitize-html Information Exposure vulnerability
2024-02-24 06:30:17
ibm
ibm
redhat
redhat