CVE-2021-23899 Vulnerability in maven package com.mikesamuel:json-sanitizer

Description

OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.

Remediation

References

https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e

https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2

https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0

Related Vulnerabilities

CVE-2020-28498 Vulnerability in npm package elliptic

CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.12

CVE-2023-5572 Vulnerability in npm package @vrite/sdk

CVE-2022-25873 Vulnerability in maven package org.webjars.npm:vuetify

CVE-2020-9484 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

Severity

Critical

Classification

CWE-611 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H