3 matches found
Prototype Pollution
Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Prototype Pollution in the USEPROFILES function. An attacker can execute arbitrary JavaScript code in the context of the user’s browser by polluting...
GHSA-CJ63-JHHR-WCXV DOMPurify USE_PROFILES prototype pollution allows event handlers
Summary When USEPROFILES is enabled, DOMPurify rebuilds ALLOWEDATTR as a plain array before populating it with the requested allowlists. Because the sanitizer still looks up attributes via ALLOWEDATTRlcName, any Array.prototype property that is polluted also counts as an allowlisted attribute. An...
DOMPurify USE_PROFILES prototype pollution allows event handlers
Summary When USEPROFILES is enabled, DOMPurify rebuilds ALLOWEDATTR as a plain array before populating it with the requested allowlists. Because the sanitizer still looks up attributes via ALLOWEDATTRlcName, any Array.prototype property that is polluted also counts as an allowlisted attribute. An...