CVE-2021-23899

CVSS v3.1 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 0.24 % (65^th)

Affected Products 1

Advisories 1

OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.

Weaknesses

CWE-611: Improper Restriction of XML External Entity Reference

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2021-01-13 16:15:14
(3 years ago)
Updated Date: 2021-01-19 18:45:55
(3 years ago)

Affected Products

Owasp

Json-sanitizer

Configuration #1

		CPE23	From	Up To
	Owasp Json-sanitizer prior 1.2.2 version	cpe:2.3:a:owasp:json-sanitizer		< 1.2.2