Description
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" option is set to true, which allows attackers to bypass the hostname whitelist for the iframe element, related to using an src value that starts with "/\\example.com".
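The check below is an added example, not sanitize-html's own code: it contrasts a prefix-based "relative URL" test, which treats any src beginning with "/" as same-origin, with a check that resolves the src against the page origin the way a browser does and compares the resulting hostname against the allowlist. The allowlist contents, the page origin and both function names are assumed.

```javascript
// Added example (not sanitize-html's own code). Assumed allowlist of iframe hosts.
const allowedIframeHostnames = ['www.youtube.com'];

// Prefix-based check in the spirit of the flaw described above (simplified, assumed):
// anything that begins with "/" is accepted as a relative URL without a hostname check.
function naiveIframeSrcAllowed(src) {
  if (src.startsWith('/')) return true; // treated as same-origin, never inspected
  try {
    return allowedIframeHostnames.includes(new URL(src).hostname);
  } catch {
    return false; // unparseable absolute URL
  }
}

// Resolving check: WHATWG URL parsing treats "\" like "/" for http(s), so
// "/\example.com" resolves to https://example.com/. Deciding on the resolved
// hostname rather than on the raw prefix closes that gap.
function hardenedIframeSrcAllowed(src, pageOrigin = 'https://app.example') {
  let resolved;
  try {
    resolved = new URL(src, pageOrigin); // resolve exactly as the browser will
  } catch {
    return false;
  }
  if (!['http:', 'https:'].includes(resolved.protocol)) return false;
  const pageHost = new URL(pageOrigin).hostname;
  // A genuinely relative src stays on the page's own host; any other host must be allowlisted.
  return resolved.hostname === pageHost || allowedIframeHostnames.includes(resolved.hostname);
}
```

With the bypass value from the description, naiveIframeSrcAllowed returns true while hardenedIframeSrcAllowed returns false, because the resolved hostname is example.com rather than the page's own host.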
Remediation
Upgrade sanitize-html to version 2.3.2 or later (see the changelog entry and pull request linked under References).
References
https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26
https://github.com/apostrophecms/sanitize-html/pull/460
https://advisory.checkmarx.net/advisory/CX-2021-4309