Description
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" option is set to true, which allows attackers to bypass the hostname whitelist for iframe elements by using an src value that starts with "/\\example.com".
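The following added example (not code from sanitize-html or from this advisory) shows why a prefix test misclassifies such an src as relative, and a stricter check that decides from the resolved URL instead. The function names, the allowlist and the sentinel host are assumptions made for illustration.

```javascript
// Added example: not sanitize-html's code. Names and hosts are hypothetical.
const ALLOWED_HOSTS = ['www.youtube.com'];          // constructed allowlist
const SENTINEL = 'relative-sentinel.invalid';       // assumed placeholder host
const BASE = `https://${SENTINEL}`;

// Weak check (assumed shape of the flaw): only "//" counts as protocol-relative.
function naiveIsRelative(src) {
  return src.startsWith('/') && !src.startsWith('//');
}

// Resolve as a browser would; for http(s) the WHATWG parser reads "\" as "/".
function resolve(src) {
  try {
    return new URL(src, BASE);
  } catch (e) {
    return null; // unparseable input
  }
}

// True when src parses on its own, i.e. it carries its own scheme.
function isAbsolute(src) {
  try {
    new URL(src);
    return true;
  } catch (e) {
    return false;
  }
}

// Stricter check: decide from the resolved URL, never from the raw prefix.
function isAllowedIframeSrc(src, allowRelative) {
  const url = resolve(src);
  if (url === null) return false;
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return false;
  if (!isAbsolute(src) && url.hostname === SENTINEL) return allowRelative;
  return ALLOWED_HOSTS.includes(url.hostname);
}

// Constructed samples; '/\\example.com/x' in JS source is the string /\example.com/x
const samples = ['/embed/abc', '/\\example.com/x', '//example.com/x',
  'https://www.youtube.com/embed/abc'];
for (const src of samples) {
  const url = resolve(src);
  console.log(JSON.stringify(src), 'naive-relative:', naiveIsRelative(src),
    'host:', url && url.hostname, 'allowed:', isAllowedIframeSrc(src, true));
}
```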
Remediation
References
https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26
https://github.com/apostrophecms/sanitize-html/pull/460
https://advisory.checkmarx.net/advisory/CX-2021-4309