CVE-2021-23899

Improper Restriction of XML External Entity Reference in maven/com.mikesamuel/json-sanitizer

Identifiers

CVE-2021-23899

Package Slug

maven/com.mikesamuel/json-sanitizer

Vulnerability

Improper Restriction of XML External Entity Reference

Description

OWASP json-sanitizer may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.

Affected Versions

All versions before 1.2.2

Solution

Upgrade to version 1.2.2 or above.
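To apply the version guidance above across a code base, the following added example (not part of the advisory or of the json-sanitizer project) scans a Maven `pom.xml` for `com.mikesamuel:json-sanitizer` and reports whether the declared version is before 1.2.2. The function names and the sample POM are constructed for illustration. It assumes versions are declared directly or through a `<properties>` entry in the same file, and it ignores qualifier suffixes such as `-SNAPSHOT`.

```python
import re
import xml.etree.ElementTree as ET
FIXED = (1, 2, 2)  # first fixed release, per the advisory
GROUP, ARTIFACT = "com.mikesamuel", "json-sanitizer"

# Constructed sample pom.xml (not taken from a real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><sanitizer.version>1.2.1</sanitizer.version></properties>
  <dependencies><dependency>
    <groupId>com.mikesamuel</groupId>
    <artifactId>json-sanitizer</artifactId>
    <version>${sanitizer.version}</version>
  </dependency></dependencies>
</project>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the '{namespace}' prefix

def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def parse_version(text):
    """Leading dotted number as a tuple, '1.2' -> (1, 2, 0); None if absent."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None
    nums = [int(n) for n in m.group().split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def audit_pom(pom_text):
    """Return [(declared_version, status)]; 'unknown' = no or unresolved version."""
    root = ET.fromstring(pom_text)  # audit your own POMs; not for untrusted XML
    props = {_local(p.tag): (p.text or "").strip()
             for e in root.iter() if _local(e.tag) == "properties" for p in e}
    findings = []
    for dep in (d for d in root.iter() if _local(d.tag) == "dependency"):
        coords = (_child_text(dep, "groupId"), _child_text(dep, "artifactId"))
        if coords != (GROUP, ARTIFACT):
            continue
        raw = _child_text(dep, "version") or ""
        resolved = re.sub(r"\$\{([^}]+)\}",
                          lambda m: props.get(m.group(1), m.group(0)), raw)
        ver = parse_version(resolved)
        status = "unknown" if ver is None else "affected" if ver < FIXED else "fixed"
        findings.append((resolved, status))
    return findings
```

An `unknown` result means the version is set elsewhere (for example in a parent POM) and needs to be checked against the resolved dependency tree.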

Last Modified

2021-01-20
