Description
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" option is set to true. This allows attackers to bypass the hostname whitelist for the iframe element by using an src value that starts with "/\\example.com".
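The following added example (not sanitize-html's own code) shows why such a value slips past a prefix-based "relative URL" test: the WHATWG URL parser used by browsers and Node.js treats a backslash like a forward slash in http(s) URLs, so the value resolves to another host. The function names, the sample allowlist and the placeholder base URL are assumptions made for the illustration.

```javascript
// Added illustration. Function names, allowlist and base URL are hypothetical.
const ALLOWED_HOSTS = ['www.youtube.com'];    // constructed sample allowlist
const BASE = 'https://relative-site.invalid'; // placeholder base; .invalid never resolves

// Naive check: anything starting with a single "/" is assumed to be a same-site path.
function naiveIsAllowed(src) {
  if (src.startsWith('/') && !src.startsWith('//')) return true; // treated as relative
  try {
    return ALLOWED_HOSTS.includes(new URL(src).hostname);
  } catch {
    return false; // not an absolute URL
  }
}

// Hostname the value resolves to once parsed the way a browser parses it.
function resolvedHost(src) {
  return new URL(src, BASE).hostname;
}

// Stricter check: resolve against the placeholder base first, then decide.
function strictIsAllowed(src, allowRelative) {
  let url;
  try {
    url = new URL(src, BASE);
  } catch {
    return false;
  }
  // Only http(s) targets are acceptable for an iframe here.
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return false;
  // Still on the placeholder origin: the value really was relative.
  if (url.origin === BASE) return allowRelative;
  // Otherwise it names a host, whatever the string looked like.
  return ALLOWED_HOSTS.includes(url.hostname);
}

// Constructed sample inputs. '/\\example.com' in JS source is the string /\example.com
for (const src of ['/embed/local', '/\\example.com', '//example.com/x',
                   'https://www.youtube.com/embed/x']) {
  console.log(JSON.stringify(src), '->', resolvedHost(src),
              'naive:', naiveIsAllowed(src), 'strict:', strictIsAllowed(src, true));
}
```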
Remediation
References
https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26
https://github.com/apostrophecms/sanitize-html/pull/460
https://advisory.checkmarx.net/advisory/CX-2021-4309