Description
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.
References
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:theguardian:html-janitor:2.0.2:*:*:*:*:node.js:*:*
EPSS
Percentile: 41%
0.00185
Low
CVSS3: 6.1 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-642
Related vulnerabilities
CVSS3: 6.1
github
more than 7 years ago
Bypassing Sanitization using DOM clobbering in html-janitor