GHSA-3w73-fmf3-hg5c

Source
https://github.com/advisories/GHSA-3w73-fmf3-hg5c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-3w73-fmf3-hg5c/GHSA-3w73-fmf3-hg5c.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-3w73-fmf3-hg5c
Aliases
  • CVE-2021-42575
Published
2021-10-19T20:15:50Z
Modified
2024-02-19T05:33:09.689706Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Policies not properly enforced in OWASP Java HTML Sanitizer
Details

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

Database specific
{
    "nvd_published_at": "2021-10-18T15:15:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2021-10-19T16:10:40Z"
}
References

Affected packages

Maven / com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer

Package

Name
com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
Purl
pkg:maven/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20211018.1

Affected versions

Other

r136
r156
r163
r164
r173
r198
r209
r223
r232
r239

1.*

1.1

20150501.*

20150501.1

20151202.*

20151202.2

20160203.*

20160203.1

20160413.*

20160413.1

20160422.*

20160422.1

20160526.*

20160526.1

20160614.*

20160614.1

20160628.*

20160628.1

20160827.*

20160827.1

20160924.*

20160924.1

20170329.*

20170329.1

20170408.*

20170408.1

20170411.*

20170411.1

20170512.*

20170512.1

20170515.*

20170515.1

20171016.*

20171016.1

20180219.*

20180219.1

20181114.*

20181114.1

20190325.*

20190325.1

20190503.*

20190503.1

20190610.*

20190610.1

20191001.*

20191001.1

20200615.*

20200615.1

20200713.*

20200713.1