CVE-2021-26539
N/A
N/A
Summary
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#231-2021-01-22
- https://github.com/apostrophecms/sanitize-html/pull/458
- https://advisory.checkmarx.net/advisory/CX-2021-4308
References
- https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#231-2021-01-22
- https://github.com/apostrophecms/sanitize-html/pull/458
- https://advisory.checkmarx.net/advisory/CX-2021-4308
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.