Description
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when "allowIframeRelativeUrls" is set to true, which allows attackers to bypass the hostname whitelist for iframe elements by using a src value that starts with "/\\example.com".
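The mismatch described above, as an added example (not sanitize-html's code or its fix): a prefix test classifies the src as relative, while WHATWG URL resolution, which treats a backslash as a slash in http(s) URLs, yields an external host. The function names, the sentinel base and the sample hosts are assumptions made for illustration.

```javascript
'use strict';
// Added example, not sanitize-html's code. Names and hosts are hypothetical.

// Reserved ".invalid" host used only as a base for resolving relative URLs.
const SENTINEL = new URL('https://relative.invalid');
const RELATIVE = Symbol('relative');

// Flawed pattern: treats any src with one leading "/" as site-relative.
function naiveIsRelative(src) {
  return src.startsWith('/') && !src.startsWith('//');
}

// Resolve src the way a browser would for an iframe on an https page.
// Returns RELATIVE, an external hostname, or null if unusable.
function resolveTarget(src) {
  let url;
  try {
    url = new URL(src, SENTINEL);
  } catch {
    return null;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  return url.host === SENTINEL.host ? RELATIVE : url.hostname;
}

// Allow-list decision based on the resolved target, not on string prefixes.
function iframeSrcAllowed(src, { allowedHostnames, allowRelative }) {
  const target = resolveTarget(src);
  if (target === null) return false;
  if (target === RELATIVE) return allowRelative;
  return allowedHostnames.includes(target);
}

// Constructed sample inputs; the third is the src form from the description.
const samples = [
  '/embed/local-video',
  'https://www.youtube.com/embed/abc',
  String.raw`/\\example.com`,
  '//example.com/frame',
];
const policy = { allowedHostnames: ['www.youtube.com'], allowRelative: true };

for (const src of samples) {
  console.log(JSON.stringify(src), {
    naiveRelative: naiveIsRelative(src),
    resolved: resolveTarget(src),
    allowed: iframeSrcAllowed(src, policy),
  });
}
```

The same resolved-host comparison can be run over stored or logged iframe src values to find entries that a prefix-based filter accepted as relative.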
Remediation
References
https://advisory.checkmarx.net/advisory/CX-2021-4309
https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26
https://github.com/apostrophecms/sanitize-html/pull/460