Description

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\\example.com".

Remediation

References

https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26

https://github.com/apostrophecms/sanitize-html/pull/460

https://advisory.checkmarx.net/advisory/CX-2021-4309

Related Vulnerabilities

CVE-2020-36649 Vulnerability in maven package org.webjars.npm:papaparse

CVE-2022-46175 Vulnerability in maven package org.webjars.npm:json5

CVE-2019-10174 Vulnerability in maven package org.infinispan:infinispan-commons

CVE-2018-3258 Vulnerability in maven package mysql:mysql-connector-java

CVE-2021-28169 Vulnerability in maven package org.eclipse.jetty:jetty-servlets

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Release Notes Third Party Advisory Patch Exploit NVD-CWE-noinfo