Description
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" option is set to true, which allows attackers to bypass the hostname whitelist for the iframe element by using an src value that starts with "/\\example.com".
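The bypass works because a check that treats any src beginning with a single "/" as relative disagrees with browsers, which parse "\" like "/" in http(s) URLs. The following is an added example, not sanitize-html's own code: the function names, the allow-list and the ".invalid" base hosts are assumptions. It contrasts such a naive check with one that lets the WHATWG URL parser decide.

```javascript
// Added example; isAllowedNaive / isRelative / isAllowedStrict are
// hypothetical names, not functions from sanitize-html.
const ALLOWED_HOSTS = ['www.youtube.com', 'player.vimeo.com']; // constructed allow-list

// Naive: a value starting with one "/" (but not "//") is assumed relative.
function isAllowedNaive(src) {
  if (src.startsWith('/') && !src.startsWith('//')) return true;
  try {
    return ALLOWED_HOSTS.includes(new URL(src).hostname);
  } catch {
    return false; // not an absolute URL
  }
}

// A truly relative reference follows whichever base it is resolved against.
// Two placeholder bases with different schemes and hosts are used so that a
// value naming its own host or scheme cannot pass as relative.
function isRelative(src) {
  const a = new URL(src, 'http://base-a.invalid/dir/page');
  const b = new URL(src, 'https://base-b.invalid/dir/page');
  return a.hostname === 'base-a.invalid' && b.hostname === 'base-b.invalid';
}

// Strict: resolve the value the way a browser would, then compare the host.
function isAllowedStrict(src, allowRelative = true) {
  try {
    if (isRelative(src)) return allowRelative;
    const url = new URL(src, 'http://base-a.invalid/');
    return ['http:', 'https:'].includes(url.protocol) &&
      ALLOWED_HOSTS.includes(url.hostname);
  } catch {
    return false; // unparseable values are rejected
  }
}

// Constructed sample inputs; the last one is the form from the description.
const samples = [
  '/embed/local',
  'https://www.youtube.com/embed/x',
  '//example.com/x',
  '/\\example.com/x',
];

function compare(list) {
  return list.map((src) => ({
    src, naive: isAllowedNaive(src), strict: isAllowedStrict(src),
  }));
}

console.table(compare(samples));
```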
Remediation
References
https://advisory.checkmarx.net/advisory/CX-2021-4309
https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26
https://github.com/apostrophecms/sanitize-html/pull/460
Related Vulnerabilities
CVE-2017-16150 Vulnerability in npm package wangguojing123
CVE-2023-26139 Vulnerability in npm package underscore-keypath
CVE-2022-1291 Vulnerability in npm package tableexport.jquery.plugin
CVE-2021-23341 Vulnerability in npm package prismjs
CVE-2022-31166 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore