Medium severity5.3NVD Advisory· Published Feb 24, 2024· Updated Jun 17, 2026
CVE-2024-21501
CVE-2024-21501
Description
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sanitize-htmlnpm | < 2.12.1 | 2.12.1 |
Affected products
10- osv-coords9 versionspkg:apk/chainguard/py3.10-jupyterlabpkg:apk/chainguard/py3.11-jupyterlabpkg:apk/chainguard/py3.12-jupyterlabpkg:apk/chainguard/py3.13-jupyterlabpkg:apk/wolfi/py3.10-jupyterlabpkg:apk/wolfi/py3.11-jupyterlabpkg:apk/wolfi/py3.12-jupyterlabpkg:apk/wolfi/py3.13-jupyterlabpkg:npm/sanitize-html
< 4.6.1-r1+ 8 more
- (no CPE)range: < 4.6.1-r1
- (no CPE)range: < 4.6.1-r1
- (no CPE)range: < 4.6.1-r1
- (no CPE)range: < 4.6.1-r1
- (no CPE)range: < 4.6.1-r1
- (no CPE)range: < 4.6.1-r1
- (no CPE)range: < 4.6.1-r1
- (no CPE)range: < 4.6.1-r1
- (no CPE)range: < 2.12.1
- Range: 0
Patches
Vulnerability mechanics
References
11- github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4nvdPatchWEB
- github.com/apostrophecms/sanitize-html/pull/650nvdPatchWEB
- gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cfnvdExploitThird Party AdvisoryWEB
- security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557nvdExploitThird Party AdvisoryWEB
- security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-rm97-x556-q36hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-21501ghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EB5JPYRCTS64EA5AMV3INHDPI6I4AW7ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EB5JPYRCTS64EA5AMV3INHDPI6I4AW7/nvdMailing List
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4I5X6V3LYUNBMZ5YOW4BV427TH3IK4SghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4I5X6V3LYUNBMZ5YOW4BV427TH3IK4S/nvdMailing List
News mentions
0No linked articles in our index yet.