CVE-2017-0928

Summary

html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.

Affected Software

VendorProductVersion RangeStatus
HackerOnehtml-janitor node moduleAll versionsaffected

Weaknesses

  • CWE-642: External Control of Critical State Data (CWE-642)

ADP Enrichment

CVE Program Container

Additional References

References