Description

An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags.

Remediation

References

CVE-2020-27511

Related Vulnerabilities

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17672)

Oracle JRE CVE-2013-0432 Vulnerability (CVE-2013-0432)

WordPress Plugin Theme Tuner 'tt-abspath' Parameter Remote File Include (0.7)

WordPress Plugin NextGEN Gallery-WordPress Gallery Unspecified Vulnerability (2.2.46)

WordPress Plugin Visualizer:Tables and Charts Manager for WordPress PHAR Deserialization (3.7.9)

Severity

High

Classification

CVE-2020-27511 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities