Moderate severity · NVD Advisory · Published Mar 5, 2021 · Updated Nov 3, 2025
CVE-2021-3377
Description
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ansi_up (npm) | < 5.0.0 | 5.0.0 |
Affected products
- ansi_up/ansi_up (description)
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-2v5f-23xc-v9qr (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-3377 (ghsa, ADVISORY)
- doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf (ghsa, x_refsource_MISC, WEB)
- github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27 (ghsa, x_refsource_MISC, WEB)
- security.netapp.com/advisory/ntap-20241108-0002 (ghsa, WEB)