GHSA-3w73-fmf3-hg5c
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3w73-fmf3-hg5c
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-3w73-fmf3-hg5c/GHSA-3w73-fmf3-hg5c.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-3w73-fmf3-hg5c
- Aliases
-
- CVE-2021-42575
- Published
- 2021-10-19T20:15:50Z
- Modified
- 2024-02-19T05:33:09.689706Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Policies not properly enforced in OWASP Java HTML Sanitizer
- Details
-
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the
SELECT,STYLE, andOPTIONelements. - Database specific
{ "cwe_ids": [ "CWE-20" ], "github_reviewed": true, "nvd_published_at": "2021-10-18T15:15:00Z", "github_reviewed_at": "2021-10-19T16:10:40Z", "severity": "CRITICAL" }- References
Affected packages
Maven / com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
Package
- Name
- com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
- View open source insights on deps.dev
- Purl
- pkg:maven/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20211018.1
Affected versions
Other
r136
r156
r163
r164
r173
r198
r209
r223
r232
r239
1.*
1.1
20150501.*
20150501.1
20151202.*
20151202.2
20160203.*
20160203.1
20160413.*
20160413.1
20160422.*
20160422.1
20160526.*
20160526.1
20160614.*
20160614.1
20160628.*
20160628.1
20160827.*
20160827.1
20160924.*
20160924.1
20170329.*
20170329.1
20170408.*
20170408.1
20170411.*
20170411.1
20170512.*
20170512.1
20170515.*
20170515.1
20171016.*
20171016.1
20180219.*
20180219.1
20181114.*
20181114.1
20190325.*
20190325.1
20190503.*
20190503.1
20190610.*
20190610.1
20191001.*
20191001.1
20200615.*
20200615.1
20200713.*
20200713.1