CVE-2021-42575

Severity
9.8 CRITICAL
EPSS
0.7%
top 27.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 18
Latest update: Jul 15

Description

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 4 packages

Patches

🔴Vulnerability Details

3
GHSA
Policies not properly enforced in OWASP Java HTML Sanitizer, 2021-10-19
OSV
Policies not properly enforced in OWASP Java HTML Sanitizer, 2021-10-19
CVEList
CVE-2021-42575: The OWASP Java HTML Sanitizer before 20211018, 2021-10-18

📋Vendor Advisories

7
Oracle
Oracle Oracle Supply Chain Risk Matrix: Web Client (Java HTML Sanitizer) — CVE-2021-42575, 2025-07-15
Oracle
Oracle Oracle Hyperion Risk Matrix: Hub (Java HTML Sanitizer) — CVE-2021-42575, 2024-01-15
Oracle
Oracle Oracle Communications Applications Risk Matrix: Configuration (Java HTML Sanitizer) — CVE-2021-42575, 2023-07-15
Oracle
Oracle Oracle Commerce Risk Matrix: Platform (OWASP Java HTML Sanitizer) — CVE-2021-42575, 2023-04-15
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Third Party Patch (AntiSamy) — CVE-2021-42575, 2022-07-15