CVE-2021-26540
npm/sanitize-html
Origin Validation Error
sanitize-html does not properly validate the hostnames set by the allowedIframeHostnames
option when the allowIframeRelativeUrls
is set to true, which allows attackers to bypass the hostname allow list for an iframe element.
All versions before 2.3.2
Upgrade to version 2.3.2 or above.
2021-02-15
source |