CVE-2021-26540 — Improper Input Validation in Sanitize-html

CWE-20 — Improper Input Validation6 documents6 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 47.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apostrophecms Sanitize-html

Timeline

PublishedFeb 8

Latest updateMay 6

Description

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\\example.com".

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDapostrophecms/sanitize-html< 2.3.2

▶npmapostrophecms/sanitize-html< 2.3.2

Patches

Patch: advisory.checkmarx.net ↗Patch: github.com ↗Patch: advisory.checkmarx.net ↗

🔴Vulnerability Details

OSV

Improper Input Validation in sanitize-html↗2021-05-06

▶

GHSA

Improper Input Validation in sanitize-html↗2021-05-06

▶

CVEList

CVE-2021-26540: Apostrophe Technologies sanitize-html before 2↗2021-02-08

▶

📋Vendor Advisories

Red Hat

sanitize-html: improper validation of hostnames set by the "allowedIframeHostnames" option can lead to bypass hostname whitelist for iframe element↗2021-01-26

▶

Debian

CVE-2021-26540: node-sanitize-html - Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate th...↗2021

▶