9 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-21501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowi...
Security Bulletin: Information disclosure vulnerabilities affect IBM Business Automation Workflow - CVE-2024-28849, CVE-2024-21501
Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage...
Fedora 39 : glances (2024-af1f06c79c)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-af1f06c79c advisory. Security fix for CVE-2024-21501 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.9 bug fix and security update
Red Hat OpenShift Container Platform release 4.15.9 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
CVE-2024-21501
An information exposure flaw was found in the sanitize-html package, when used on the backend with the style attribute allowed. This issue may allow an attacker to enumerate files in the system, including project dependencies, to gather details about the file system structure and dependencies of...
08cms (=1.0.0), 10secondsofcode-custom (=1.0.0) +3314 more potentially affected by CVE-2024-21501 via sanitize-html (>=0.1.4 <=2.12.0)
sanitize-html NPM version =0.1.4, =1.0.0, =1.0.0, =1.0.0, =0.6.0, =0.1.0, =0.1.0, =11.1.0, =1.0.0, =1.0.1, =0.2.0, =0.1.0, =0.19.1-rc.2, =0.19.1-rc.4 and more Source cves: CVE-2024-21501 Source advisory: OSV:GHSA-RM97-X556-Q36H...
CVE-2024-21501
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...
CVE-2024-21501
CVE-2024-21501 – sanitize-html information exposure : The sanitize-html package (pre-2.12.1) on the backend with the style attribute enabled can disclose sensitive filesystem and dependency details by enumerating files. Affected: sanitize-html versions before 2.12.1. Impact is information disclos...
CVE-2024-21501
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...