4 matches found
Improper Input Validation
Overview sanitize-html before 2.3.1 does not properly handle internationalized domain name IDN which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option. Recommendation Upgrade to version 2.3.1 or later References - CVE - GitHub Advisory...
08cms (=1.0.0), 10secondsofcode-custom (=1.0.0) +6284 more potentially affected by CVE-2021-26539 via sanitize-html (>=0.1.4 <=2.3.0)
sanitize-html NPM version =0.1.4, =1.0.0, =0.15.4, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =0.0.74, =0.0.14, =0.0.1, =0.6.0, =3.0.19, =1.3.0, =2.6.0, =6.0.1 and more Source cves: CVE-2021-26539 Source advisory: OSV:GHSA-RJQQ-98F6-6J3R...
CVE-2021-26539
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name IDN which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option...
CVE-2021-26539
CVE-2021-26539 affects Apostrophe Technologies sanitize-html prior to version 2.3.1. The vulnerability arises from improper handling of internationalized domain names (IDN), which can allow an attacker to bypass the hostname whitelist validated by the allowedIframeHostnames option. Impact is bypa...