Description
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
Remediation
References
https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e
https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2
https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0
Related Vulnerabilities
CVE-2023-22665 Vulnerability in maven package org.apache.jena:jena-arq
CVE-2022-44729 Vulnerability in maven package org.apache.xmlgraphics:batik-svgrasterizer
CVE-2018-1324 Vulnerability in maven package org.apache.commons:commons-compress
CVE-2022-24802 Vulnerability in npm package deepmerge-ts
CVE-2019-16772 Vulnerability in maven package org.webjars.npm:serialize-to-js