Описание
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2027195owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution
9.8 Critical
CVSS3
Связанные уязвимости
CVSS3: 9.8
nvd
больше 4 лет назад
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
CVSS3: 9.8
github
больше 4 лет назад
Policies not properly enforced in OWASP Java HTML Sanitizer
9.8 Critical
CVSS3