Description
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when "allowIframeRelativeUrls" is set to true. This allows attackers to bypass the hostname whitelist for the iframe element by using an src value that starts with "/\\example.com".
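Why such a value passes a prefix test yet still names a remote host, shown as an added example (not code from sanitize-html or the advisory): for http(s) URLs the WHATWG URL parser treats "\" like "/", so the check below resolves the src against a base URL before comparing hostnames. The function names, the base URL and the sample values are constructed for illustration.

```javascript
// Added example; helper names are hypothetical, not sanitize-html's API.
// Constructed base URL standing in for the page that embeds the iframe.
const BASE = new URL('https://embedding-page.invalid/');

// Naive check of the kind the advisory describes: one leading "/" means "relative".
function naiveIsRelative(src) {
  return src.startsWith('/') && !src.startsWith('//');
}

// Resolve src the way a browser does for an http(s) page. For these "special"
// schemes the WHATWG URL parser treats "\" like "/", so "/\host" names a host.
// Returns null for a same-origin (truly relative) URL, the hostname otherwise,
// or undefined when the value cannot be used at all.
function resolvedHost(src) {
  let url;
  try {
    url = new URL(src, BASE);
  } catch {
    return undefined;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return undefined;
  return url.host === BASE.host && url.protocol === BASE.protocol ? null : url.hostname;
}

// Decide on the resolved host, never on the raw string prefix.
function isIframeSrcAllowed(src, { allowedHostnames = [], allowRelative = false } = {}) {
  const host = resolvedHost(src);
  if (host === undefined) return false;
  if (host === null) return allowRelative;
  return allowedHostnames.includes(host);
}

// Constructed sample values.
const policy = { allowedHostnames: ['video.example.org'], allowRelative: true };
const samples = [
  '/embed/local-player',            // genuinely relative
  'https://video.example.org/v/1',  // allowlisted host
  '/\\example.com/embed',           // the advisory's pattern: "/" then "\"
  '/\\\\example.com/embed',         // same with two backslashes
  '//example.com/embed',            // protocol-relative
];
for (const src of samples) {
  console.log(JSON.stringify(src), 'naive relative:', naiveIsRelative(src),
    'allowed:', isIframeSrcAllowed(src, policy));
}
```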
Remediation
References
https://advisory.checkmarx.net/advisory/CX-2021-4309
https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26
https://github.com/apostrophecms/sanitize-html/pull/460