Moderate severityNVD Advisory· Published Feb 8, 2021· Updated Aug 3, 2024
CVE-2021-26539
CVE-2021-26539
Description
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sanitize-htmlnpm | < 2.3.1 | 2.3.1 |
Affected products
2- Apostrophe Technologies/sanitize-htmldescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-rjqq-98f6-6j3rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-26539ghsaADVISORY
- advisory.checkmarx.net/advisory/CX-2021-4308ghsax_refsource_MISCWEB
- github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.mdghsax_refsource_MISCWEB
- github.com/apostrophecms/sanitize-html/commit/bdf7836ef8f0e5b21f9a1aab0623ae8fcd09c1daghsaWEB
- github.com/apostrophecms/sanitize-html/pull/458ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.