CVE-2021-23445

Опубликовано: 27 сент. 2021

Источник: debian

Описание

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
datatables.js	fixed	1.10.21+dfsg-3		package
datatables.js	fixed	1.10.21+dfsg-2+deb11u1	bullseye	package
datatables.js	no-dsa		stretch	package

Примечания

https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b (v1.11.3)

Связанные уязвимости

CVE-2021-23445

CVSS3: 3.1

ubuntu

больше 4 лет назад

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.

CVE-2021-23445

CVSS3: 6.1

redhat

больше 4 лет назад

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.

CVE-2021-23445

CVSS3: 3.1

nvd

больше 4 лет назад

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.

CVE-2021-23445

msrc

около 1 месяца назад

Cross-site Scripting (XSS)

GHSA-h73q-5wmj-q8pj

CVSS3: 6.1

github

больше 4 лет назад

Cross site scripting in datatables.net