CVE-2024-21501

Published: 24 Feb 2024
Source: debian

Description

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.

Packages

Package              Status    Fixed version        Release     Type
node-sanitize-html   fixed     2.13.0+~2.11.0-1                 package
node-sanitize-html   no-dsa                         bookworm    package

Notes

  • https://github.com/apostrophecms/sanitize-html/pull/650

  • https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf

  • https://github.com/apostrophecms/apostrophe/discussions/4436

  • https://github.com/apostrophecms/sanitize-html/commit/075499d1b98c387f4200fd59972ca9b15796b51b (2.12.1)

  • https://github.com/apostrophecms/sanitize-html/commit/1e2294c8001ce07c89448e03289818da631795ba (2.12.1)

Related vulnerabilities

Source    CVSS3    Published             Entry
ubuntu    5.3      almost 2 years ago    Same description as above
redhat    5.3      almost 2 years ago    Same description as above
nvd       5.3      almost 2 years ago    Same description as above
github    5.3      almost 2 years ago    sanitize-html Information Exposure vulnerability