Описание
Cross site scripting in datatables.net
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-23445
- https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
- https://cdn.datatables.net/1.11.3
- https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html
- https://security.netapp.com/advisory/ntap-20240621-0006
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376
- https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544
Пакеты
datatables.net
< 1.11.3
1.11.3
Связанные уязвимости
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
This affects the package datatables.net before 1.11.3. If an array is ...