Description

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\\example.com".

Remediation

References

https://advisory.checkmarx.net/advisory/CX-2021-4309

https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26

https://github.com/apostrophecms/sanitize-html/pull/460

Related Vulnerabilities

CVE-2021-29479 Vulnerability in maven package io.ratpack:ratpack-core

CVE-2022-36898 Vulnerability in maven package com.compuware.jenkins:compuware-ispw-operations

CVE-2021-25978 Vulnerability in npm package apostrophe

CVE-2020-13410 Vulnerability in npm package aedes

CVE-2022-31069 Vulnerability in npm package @finastra/nestjs-proxy

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Exploit Patch Third Party Advisory Release Notes NVD-CWE-noinfo