CVE-2021-26539

Origin Validation Error in npm/sanitize-html

Identifiers

CVE-2021-26539

Package Slug

npm/sanitize-html

Vulnerability

Origin Validation Error

Description

sanitize-html does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass the hostname allowlist validation set by the allowedIframeHostnames option.

Affected Versions

All versions before 2.3.1

Solution

Upgrade to version 2.3.1 or above.

Last Modified

2021-02-15

source