Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\\example.com".
References
Link | Resource |
---|---|
https://advisory.checkmarx.net/advisory/CX-2021-4309 | Exploit Patch Third Party Advisory |
https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26 | Release Notes Third Party Advisory |
https://github.com/apostrophecms/sanitize-html/pull/460 | Patch Third Party Advisory |
Configurations
History
01 Apr 2021, 15:02
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://advisory.checkmarx.net/advisory/CX-2021-4309 - Exploit, Patch, Third Party Advisory |
25 Mar 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Feb 2021, 14:19
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CPE | cpe:2.3:a:apostrophecms:sanitize-html:*:*:*:*:*:node.js:*:* | |
References | (MISC) https://github.com/apostrophecms/sanitize-html/pull/460 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26 - Release Notes, Third Party Advisory |
08 Feb 2021, 17:37
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-08 17:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-26540
Mitre link : CVE-2021-26540
CVE.ORG link : CVE-2021-26540
JSON object : View
Products Affected
apostrophecms
- sanitize-html
CWE