
cpe:2.3:a:owasp:json-sanitizer:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Owasp (b778b703-6f88-5eeb-b966-330b456a6d00)
Product: Json Sanitizer (f16bcd0e-0373-5515-8fde-c96a1237a32f)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:github/owasp/json-sanitizer | purl2cpe | 2026-06-01 10:12:07.108112
pkg:maven/com.mikesamuel/json-sanitizer | purl2cpe | 2026-06-01 10:12:07.108115

Vulnerability references

Identifier: CVE:CVE-2021-23900
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:43:55.856187
db.gcve.eu details: OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.
Published: 2021-01-13T15:50:51.000Z
Updated: 2024-08-03T19:14:09.463Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2021-23899
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:43:55.855763
db.gcve.eu details: OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
Published: 2021-01-13T15:49:56.000Z
Updated: 2024-08-03T19:14:09.335Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2020-13973
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:41:37.620910
db.gcve.eu details: OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause non-script content to be interpreted as JavaScript.
Published: 2020-06-09T03:51:10.000Z
Updated: 2024-08-04T12:32:14.557Z
Rationale: Imported from gcve-enriched-dumps CVE data
