Description
The html-janitor Node module suffers from an External Control of Critical State Data vulnerability: user control of the '_sanitized' variable causes sanitization to be bypassed.
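The following is an added example, not html-janitor's code and not taken from the referenced reports. It models the weakness class with plain objects: a sanitizer that keeps its "already processed" marker on the node it was handed, beside one that keeps the marker in private state. The allow-list, the node shape and every function name are assumptions made for illustration; only the `_sanitized` name comes from the description.

```javascript
// Constructed model: nodes are plain objects built from untrusted input,
// so the input can set any property name, including the marker.
const ALLOWED_TAGS = new Set(['p', 'b', 'i']); // assumed allow-list

// Weak pattern: the marker lives on the node itself, where the party
// supplying the node can also write it.
function sanitizeInBand(node) {
  if (node._sanitized) return node; // trusts state the input controls
  node.children = (node.children || [])
    .filter((c) => ALLOWED_TAGS.has(c.tag))
    .map(sanitizeInBand);
  node._sanitized = true;
  return node;
}

// Hardened pattern: the marker is kept in a WeakSet private to the
// sanitizer, so nothing in the input can pre-set it.
function makeSanitizer() {
  const done = new WeakSet();
  return function sanitize(node) {
    if (done.has(node)) return node;
    node.children = (node.children || [])
      .filter((c) => ALLOWED_TAGS.has(c.tag))
      .map(sanitize);
    delete node._sanitized; // an input-supplied flag carries no meaning
    done.add(node);
    return node;
  };
}

// Collect every tag name in a tree, for checking the result.
function tags(node) {
  return [node.tag, ...(node.children || []).flatMap(tags)];
}

// Constructed sample: a tree whose root claims to be sanitized already.
function sample() {
  return JSON.parse(
    '{"tag":"p","_sanitized":true,"children":[{"tag":"script"},{"tag":"b"}]}'
  );
}
```

When reviewing a sanitizer, check that no property, attribute or field reachable from the input is consulted to decide whether to skip work.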
Remediation
References
https://hackerone.com/reports/308158
https://github.com/guardian/html-janitor/issues/35