CVE-2021-23899

CRITICAL

9.8

Description

OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie1/13/2021

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

owasp:json-sanitizer

Faiblesses (CWE)

CWE-611

References

https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e(cve@mitre.org)

https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2(cve@mitre.org)

https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0(cve@mitre.org)

https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2(af854a3a-2127-422b-91ae-364da2661108)

https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.