CVE-2021-23899
maven/com.mikesamuel/json-sanitizer
Improper Restriction of XML External Entity Reference
OWASP json-sanitizer may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
All versions before 1.2.2
Upgrade to version 1.2.2 or above.
2021-01-20
source |