Description
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
Remediation
References
https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544
https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376
https://cdn.datatables.net/1.11.3/
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371
https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html
https://security.netapp.com/advisory/ntap-20240621-0006/
Related Vulnerabilities
CVE-2023-29215 Vulnerability in maven package org.apache.linkis:linkis-common
CVE-2021-37695 Vulnerability in npm package ckeditor4
CVE-2017-11556 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2020-28480 Vulnerability in maven package org.webjars.npm:jointjs
CVE-2023-3163 Vulnerability in maven package com.ruoyi:ruoyi-common