CVE-2022-21169
npm/express-xss-sanitizer
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
The package express-xss-sanitizer before 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.
All versions before 1.1.3
Upgrade to version 1.1.3 or above.
2022-09-29
source |