Description
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
Remediation
References
https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0
https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2
https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e
Related Vulnerabilities
CVE-2022-41936 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rest-server
CVE-2021-23460 Vulnerability in npm package min-dash
CVE-2020-7632 Vulnerability in npm package node-mpv
CVE-2022-21213 Vulnerability in maven package org.webjars.npm:mout
CVE-2020-13957 Vulnerability in maven package org.apache.solr:solr-solrj