CVE-2021-23899
N/A
N/A
Summary
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/OWASP/json-sanitizer/compare/v1.2.1…v1.2.2
- https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0
- https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e
References
- https://github.com/OWASP/json-sanitizer/compare/v1.2.1…v1.2.2
- https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0
- https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.