The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT
, STYLE
, and OPTION
elements.
{ "nvd_published_at": "2021-10-18T15:15:00Z", "cwe_ids": [ "CWE-20" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2021-10-19T16:10:40Z" }