CVE-2021-26540
Origin Validation Error in npm/sanitize-html
Identifiers
CVE-2021-26540
Package Slug
npm/sanitize-html
Vulnerability
Origin Validation Error
Description
sanitize-html does not properly validate the hostnames set by the allowedIframeHostnames option when the allowIframeRelativeUrls is set to true, which allows attackers to bypass the hostname allow list for an iframe element.
Affected Versions
All versions before 2.3.2
Solution
Upgrade to version 2.3.2 or above.
Last Modified
2021-02-15
| source |