Vulnerability Description
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Owasp | Json-Sanitizer | < 1.2.2 |
Related Weaknesses (CWE)
References
- https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1 (Patch, Third Party Advisory)
- https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2 (Patch, Third Party Advisory)
- https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0 (Third Party Advisory)
FAQ
What is CVE-2021-23899?
CVE-2021-23899 is a vulnerability with a CVSS score of 9.8 (CRITICAL). OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
How severe is CVE-2021-23899?
CVE-2021-23899 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-23899?
Check the references section above for vendor advisories and patch information. Affected products include: Owasp Json-Sanitizer.