Description
The html-janitor node module suffers from an External Control of Critical State Data vulnerability: the '_sanitized' variable can be controlled by the user, which causes sanitization to be bypassed.
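The flaw class described above, shown as an added example that is a simplified model and not html-janitor's own code: a sanitizer that records its "already sanitized" state on the data it processes, beside one that keeps that state out of the input's reach. The node shape, the allow-lists and the function names are assumptions made for illustration.

```javascript
// Simplified model of the flaw class; NOT html-janitor's code.
// Nodes are plain objects (hypothetical shape) built from untrusted input,
// so every property on them, including `_sanitized`, is attacker-influenced.
const ALLOWED_TAGS = new Set(["p", "b", "i", "a"]);
const ALLOWED_ATTRS = new Set(["href", "title"]);

function cleanNode(node) {
  // Drop disallowed attributes and disallowed child elements.
  for (const name of Object.keys(node.attrs || {})) {
    if (!ALLOWED_ATTRS.has(name)) delete node.attrs[name];
  }
  node.children = (node.children || []).filter((c) => ALLOWED_TAGS.has(c.tag));
}

// Weak: the "already processed" state lives on the data being processed.
function sanitizeInBand(node) {
  if (node._sanitized) return node; // trusts a flag the input can set
  cleanNode(node);
  node.children.forEach((c) => sanitizeInBand(c));
  node._sanitized = true;
  return node;
}

// Hardened: the state lives in a WeakSet that the input cannot reach.
function makeSanitizer() {
  const done = new WeakSet();
  return function sanitize(node) {
    if (done.has(node)) return node;
    cleanNode(node);
    node.children.forEach((c) => sanitize(c));
    done.add(node);
    return node;
  };
}

// Constructed sample input: a disallowed attribute plus a forged state flag.
const untrusted = () => JSON.parse(
  '{"tag":"p","_sanitized":true,"attrs":{"onclick":"x()","title":"t"},' +
  '"children":[{"tag":"script","attrs":{},"children":[]},' +
  '{"tag":"b","attrs":{},"children":[]}]}'
);

const weak = sanitizeInBand(untrusted());
const hard = makeSanitizer()(untrusted());
console.log(Object.keys(weak.attrs), weak.children.map((c) => c.tag));
console.log(Object.keys(hard.attrs), hard.children.map((c) => c.tag));
```

With the forged flag present, the in-band version returns the input untouched, while the WeakSet version removes the disallowed attribute and child regardless of what properties the input carries.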
Remediation
References
https://github.com/guardian/html-janitor/issues/35
https://hackerone.com/reports/308158
Related Vulnerabilities
CVE-2019-16541 Vulnerability in maven package org.jenkins-ci.plugins:jira
CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15on
CVE-2019-1003081 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer
CVE-2017-7678 Vulnerability in maven package org.apache.spark:spark-core
CVE-2012-6153 Vulnerability in maven package org.apache.httpcomponents:httpclient