Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" option is set to true, which allows attackers to bypass the hostname whitelist for the iframe element by using an src value that starts with "/\\example.com".
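The mismatch described above, as an added example that is not sanitize-html's code or its patch: a hypothetical prefix check (`naiveIsRelative`) is shown beside a check that resolves the src with the WHATWG URL parser before deciding whether it is relative. All function names and the placeholder base URL are assumptions made for illustration; only the two option names come from the description.

```javascript
// Added example: all names here are constructed; this is not sanitize-html code.
const BASE = 'https://placeholder.invalid/'; // reserved TLD, never a real host

// Hypothetical prefix check: "starts with one slash" is taken to mean relative.
function naiveIsRelative(src) {
  return src.startsWith('/') && !src.startsWith('//');
}

// Classify src the way a browser resolves it on an http(s) page.
function classifyIframeSrc(src) {
  try {
    // Parses without a base only when src carries its own scheme.
    return { kind: 'absolute', hostname: new URL(src).hostname };
  } catch {
    // No scheme: fall through and resolve against the placeholder base.
  }
  let url;
  try {
    url = new URL(src, BASE);
  } catch {
    return { kind: 'invalid', hostname: null };
  }
  // For http(s) the URL parser treats "\" like "/", so "/\host" and "//host"
  // both replace the base host instead of becoming a path on it.
  if (url.host === new URL(BASE).host) {
    return { kind: 'relative', hostname: null };
  }
  return { kind: 'absolute', hostname: url.hostname };
}

// Option names mirror the two options named in the description above.
function isIframeSrcAllowed(src, { allowedIframeHostnames, allowIframeRelativeUrls }) {
  const { kind, hostname } = classifyIframeSrc(src);
  if (kind === 'relative') return allowIframeRelativeUrls === true;
  if (kind === 'absolute') return allowedIframeHostnames.includes(hostname);
  return false;
}

const options = { allowedIframeHostnames: ['www.youtube.com'], allowIframeRelativeUrls: true };
// Constructed sample inputs; the third is the pattern from the description.
for (const src of ['/embed/player', 'https://www.youtube.com/embed/x', '/\\example.com', '//example.com/x']) {
  console.log(JSON.stringify(src), naiveIsRelative(src), isIframeSrcAllowed(src, options));
}
```

The third input passes the prefix check as "relative" but resolves to the host example.com, so the hostname list has to be applied to the resolved URL rather than to the raw string.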
References
Link | Resource |
---|---|
https://advisory.checkmarx.net/advisory/CX-2021-4309 | Exploit, Patch, Third Party Advisory |
https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26 | Release Notes, Third Party Advisory |
https://github.com/apostrophecms/sanitize-html/pull/460 | Patch, Third Party Advisory |
History
No history.
Information
Published : 2021-02-08 17:15
Updated : 2024-02-28 18:08
NVD link : CVE-2021-26540
Mitre link : CVE-2021-26540
CVE.ORG link : CVE-2021-26540
Products Affected
apostrophecms
- sanitize-html