CVE-2021-42575
published 2021-10-18CVE-2021-42575: The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | middleware_common_libraries_and_tools | — | — |
| oracle | middleware_common_libraries_and_tools | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | 17.7 – 17.12 | — |
| owasp | java_html_sanitizer | < 20211018.2 | 20211018.2 |