CVE-2021-26539
npm/sanitize-html
Origin Validation Error
sanitize-html does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass the hostname allowlist validation set by the allowedIframeHostnames
option.
All versions before 2.3.1
Upgrade to version 2.3.1 or above.
2021-02-15
source |