31 matches found
Owasp Json-sanitizer Security Vulnerability
Owasp Json-sanitizer is a Java-based code library from the OWASP Foundation that generates Json format data from Json like text content. A security vulnerability exists in Owasp Json-sanitizer version 20240325.1, which stems from HtmlPolicyBuilder allowing noscript and style tags, which could lea...
EUVD-2021-1020
Malware in sbrugna...
EUVD-2021-1360
Malware in sbrugna...
CVE-2021-23900
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations...
CVE-2021-23899
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...
com.github.promregator:promregator (>=0.6.3 <=0.8.0-rc2), com.lancethomps:lava (>=1.0.0 <=1.8.0) +153 more potentially affected by CVE-2020-13973 via com.mikesamuel:json-sanitizer (=1.2.0)
com.mikesamuel:json-sanitizer MAVEN version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.mikesamuel:json-sanitizer and may be impacted: - com.github.promregator:promregator =0.6.3, =1.0.0, =1.0.0, =1.1.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0,...
Cross-site scripting in json-sanitizer
OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause...
GHSA-G8JJ-899Q-8X3J Cross-site scripting in json-sanitizer
OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause...
Arbitrary code injection in json-sanitizer
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...
com.github.promregator:promregator (>=0.6.3 <=0.9.0-rc1), com.lancethomps:lava (>=1.0.0 <=1.12.0) +160 more potentially affected by CVE-2021-23899 via com.mikesamuel:json-sanitizer (>=1.2.0 <=1.2.1)
com.mikesamuel:json-sanitizer MAVEN version =1.2.0, =0.6.3, =1.0.0, =1.0.0, =1.1.0, =1.1.0, =1.8.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 and more Source cves: CVE-2021-23899 Source advisory: OSV:GHSA-MM8J-9X84-M9CV...
GHSA-MM8J-9X84-M9CV Arbitrary code injection in json-sanitizer
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...
Uncaught Exception leading to Denial of Service in json-sanitizer
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations...
com.github.promregator:promregator (>=0.6.3 <=0.9.0-rc1), com.lancethomps:lava (>=1.0.0 <=1.12.0) +160 more potentially affected by CVE-2021-23900 via com.mikesamuel:json-sanitizer (>=1.2.0 <=1.2.1)
com.mikesamuel:json-sanitizer MAVEN version =1.2.0, =0.6.3, =1.0.0, =1.0.0, =1.1.0, =1.1.0, =1.8.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 and more Source cves: CVE-2021-23900 Source advisory: OSV:GHSA-8RF5-92JH-3VC9...
Arbitrary Code Injection
json-sanitizer is vulnerable to arbitrary code injection. An attacker could potentially inject arbitrary HTML and XML into embedding documents as closing SCRIPT tags and CDATA section delimiters may be emitted for certain input...
Denial Of Service (DoS)
json-sanitizer is vulnerable to denial of service. The vulnerability exists as certain invalid JSON characters are not sanitized, allowing an attacker to cause an undeclared exception and crash the application via a malicious string input...
Owasp Json-sanitizer Input Validation Error Vulnerability
Owasp Json-sanitizer is a Java-based code library from the OWASP Foundation that generates JSON-format data from JSON-like text content. An input validation error vulnerability exists in OWASP json-sanitizer prior to version 1.2.2, which stems from the fact that a...
CVE-2021-23900
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations...
CVE-2021-23899
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...