Description
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" option is set to true. This allows attackers to bypass the hostname whitelist for the iframe element by using an src value that starts with "/\\example.com".
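The class of check described above, as an added example that is not sanitize-html's own code: a validator that treats any src beginning with a single "/" as relative accepts the backslash form, while one that resolves the value the way a browser does (WHATWG URL parsing against a base) sees the external host and rejects it. The allowlist entries, the placeholder base and all function names are assumptions made for the illustration.

```javascript
// Added example, not sanitize-html code. Hostnames and names are constructed.
const ALLOWED_IFRAME_HOSTNAMES = ['www.youtube.com', 'player.vimeo.com'];

// Weak pattern: "starts with one slash" is taken to mean "same-origin path".
function naiveAllows(src) {
  if (src.startsWith('/') && !src.startsWith('//')) return true;
  try {
    return ALLOWED_IFRAME_HOSTNAMES.includes(new URL(src).hostname);
  } catch {
    return false; // not an absolute URL and not accepted as relative
  }
}

// Hardened pattern: resolve src against a placeholder base exactly as a
// browser would. For http(s) URLs the WHATWG parser treats "\" like "/",
// so "/\host" resolves to "//host", i.e. a different origin.
// ".invalid" is a reserved TLD, so the placeholder can never be a real site.
const PLACEHOLDER_BASE = 'https://relative.invalid';

function strictAllows(src, allowRelative = true) {
  let url;
  try {
    url = new URL(src, PLACEHOLDER_BASE);
  } catch {
    return false;
  }
  // Host unchanged after resolution: the value really was a relative path.
  if (url.hostname === 'relative.invalid') return allowRelative;
  // Anything else left the base origin and must match the allowlist.
  return ALLOWED_IFRAME_HOSTNAMES.includes(url.hostname);
}

// Constructed sample src values (JS literals: "\\" is one backslash).
const SAMPLES = [
  '/embed/local-player',
  'https://www.youtube.com/embed/VIDEO_ID',
  '/\\example.com',
  '/\\\\example.com',
  '//example.com/frame',
];

// Values the weak check lets through but the resolved-host check rejects.
function findBypasses(samples) {
  return samples.filter((s) => naiveAllows(s) && !strictAllows(s));
}

console.log(findBypasses(SAMPLES));
```

Running the same comparison over src values already stored by an application shows which ones passed only because of the prefix test.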
Remediation
References
https://advisory.checkmarx.net/advisory/CX-2021-4309
https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26
https://github.com/apostrophecms/sanitize-html/pull/460