CVE-2022-21169: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
(updated )
The package express-xss-sanitizer before 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.
References
Detect and mitigate CVE-2022-21169 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →