Description
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" option is set to true, which allows attackers to bypass the hostname whitelist for the iframe element, related to the use of an src value that starts with "/\\example.com".
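The bypass works because browsers (and the WHATWG URL parser) treat a backslash as a slash in http(s) URLs, so a src that starts with "/\" resolves to a protocol-relative URL pointing at a foreign host, while a string-prefix test sees a same-site relative path. The following Node.js snippet is an added example, not sanitize-html's code and not the fix from the linked pull request: it contrasts a naive prefix-based "relative URL" test with a check that resolves the src against the page origin and decides on the resulting hostname. The allow-list, the page origin and the sample src values are constructed for the example.

```javascript
// Added example; not the sanitize-html implementation or its fix.
// Constructed values: a hostname allow-list and the origin of the page
// that will embed the iframe.
const ALLOWED_IFRAME_HOSTNAMES = ['www.youtube.com'];
const SITE_ORIGIN = 'https://app.example.org';

// Naive "relative URL" test: anything starting with a single "/" is assumed
// to stay on the current site. This is the kind of check the advisory's
// "/\\example.com" src defeats.
function naiveIsRelative(src) {
  return src.startsWith('/') && !src.startsWith('//');
}

// Naive decision: relative srcs are accepted outright when relative URLs
// are allowed; otherwise the src must parse as absolute and match the list.
function naiveAllowsIframe(src, allowRelative) {
  if (allowRelative && naiveIsRelative(src)) return true;
  let hostname;
  try {
    hostname = new URL(src).hostname; // throws for non-absolute input
  } catch {
    return false;
  }
  return ALLOWED_IFRAME_HOSTNAMES.includes(hostname);
}

// Hardened decision: resolve the src against the page origin exactly as a
// browser would (the WHATWG parser maps "\" to "/" for special schemes),
// then judge the hostname that the browser will actually load.
function resolvedAllowsIframe(src, allowRelative) {
  let url;
  try {
    url = new URL(src, SITE_ORIGIN);
  } catch {
    return false;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return false;
  if (ALLOWED_IFRAME_HOSTNAMES.includes(url.hostname)) return true;
  // A "relative" src is only acceptable if it still resolves to our own host.
  return allowRelative && url.hostname === new URL(SITE_ORIGIN).hostname;
}

// Helper exposing where a src really resolves, for logging or review.
function resolvedHostname(src) {
  try {
    return new URL(src, SITE_ORIGIN).hostname;
  } catch {
    return null;
  }
}

// Constructed sample inputs: a genuine same-site path, an allow-listed
// absolute URL, and the advisory's backslash trick.
const SAMPLES = ['/embed/video', 'https://www.youtube.com/embed/abc', '/\\example.com/evil'];

for (const src of SAMPLES) {
  console.log(
    JSON.stringify(src),
    'resolves to', resolvedHostname(src),
    '| naive:', naiveAllowsIframe(src, true),
    '| resolved:', resolvedAllowsIframe(src, true),
  );
}
```

Running the block shows that the naive check accepts "/\example.com/evil" as a relative URL even though it resolves to example.com, whereas the hostname-based check rejects it while still accepting a real same-site path and an allow-listed absolute URL.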
Remediation
Upgrade sanitize-html to version 2.3.2 or later.
References
https://advisory.checkmarx.net/advisory/CX-2021-4309
https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26
https://github.com/apostrophecms/sanitize-html/pull/460
Related Vulnerabilities
CVE-2021-32684 Vulnerability in npm package magento-scripts
CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty.http2:http2-hpack
CVE-2021-39151 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-jdk15to18
CVE-2021-23899 Vulnerability in maven package com.mikesamuel:json-sanitizer