Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when "allowIframeRelativeUrls" is set to true, which allows attackers to bypass the hostname whitelist for the iframe element by using an src value that starts with "/\\example.com".
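The check below is an added example, not sanitize-html's code or its patch. It shows why a string-prefix test for "relative" disagrees with browser URL parsing on the value quoted above, next to a check that resolves the src first. The names `classifyIframeSrc`, `naiveIsRelative` and the sentinel base are assumptions, and the sample inputs are constructed.

```javascript
// Added example: hypothetical helpers, not part of sanitize-html.
// Placeholder base used only to resolve relative references (.invalid never resolves).
const SENTINEL = "http://sentinel.invalid";

// Prefix-style test (hypothetical): "starts with one slash" is taken to mean relative.
function naiveIsRelative(src) {
  return src.startsWith("/") && !src.startsWith("//");
}

// Resolve the src as a browser would, then decide from the resulting origin.
function classifyIframeSrc(src, allowedHostnames, allowRelative) {
  let resolved;
  try {
    // The WHATWG parser treats "\" like "/" for http(s), so "/\" acts as "//".
    resolved = new URL(src.trim(), SENTINEL);
  } catch (e) {
    return { allowed: false, reason: "unparseable" };
  }
  if (resolved.protocol !== "http:" && resolved.protocol !== "https:") {
    return { allowed: false, reason: "scheme" };
  }
  // Only a reference that stays on the sentinel origin is truly relative.
  if (resolved.origin === SENTINEL) {
    return { allowed: allowRelative, reason: "relative" };
  }
  const ok = allowedHostnames.includes(resolved.hostname);
  return { allowed: ok, reason: ok ? "allowed-host" : "host-not-allowed" };
}

// Constructed samples: the value from the description plus ordinary cases.
const samples = [
  String.raw`/\\example.com`,
  "/embed/abc",
  "https://www.youtube.com/embed/abc",
  "//example.com/x",
];
for (const src of samples) {
  const verdict = classifyIframeSrc(src, ["www.youtube.com"], true);
  console.log(src, "naive-relative:", naiveIsRelative(src), "->", verdict.reason);
}
```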
References
Link | Resource |
---|---|
https://advisory.checkmarx.net/advisory/CX-2021-4309 | Exploit Patch Third Party Advisory |
https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26 | Release Notes Third Party Advisory |
https://github.com/apostrophecms/sanitize-html/pull/460 | Patch Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-02-08T16:16:07
Updated: 2021-03-25T22:01:14
Reserved: 2021-02-01T00:00:00
Link: CVE-2021-26540
NVD Information
Status: Analyzed
Published: 2021-02-08T17:15:13.737
Modified: 2021-04-01T15:02:12.757
Link: CVE-2021-26540