Description
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
Remediation
References
https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e
https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2
https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0
Related Vulnerabilities
CVE-2020-28498 Vulnerability in npm package elliptic
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.12
CVE-2023-5572 Vulnerability in npm package @vrite/sdk
CVE-2022-25873 Vulnerability in maven package org.webjars.npm:vuetify
CVE-2020-9484 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core