CVE-2017-0928: External Control of Critical State Data

June 4, 2018 (updated October 9, 2019)

html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the ‘_sanitized’ variable causing sanitization to be bypassed.

References

nvd.nist.gov/vuln/detail/CVE-2017-0928

Detect and mitigate CVE-2017-0928 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →