GCVE - cpe:2.3:a:paypal:braintree\/sanitize-url:*:*:*:*:*:node.js:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:paypal:braintree\/sanitize-url:*:*:*:*:*:node.js:*:*

part: a version: * update: *

Vendor	Paypal (`2b642d37-639a-5154-8381-bcda0f140bab`)
Product	Braintree/Sanitize Url (`9f9ea628-30d0-5367-98bc-273d1969b245`)
Edition	*
Language	*
Software edition	*
Target software	node.js
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-48345`	vulnerable	2026-06-03 14:48:33.418591	Details available sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities. Published: 2023-02-24T00:00:00.000Z Updated: 2025-03-12T15:36:20.862Z Open on db.gcve.eu Reference links https://github.com/braintree/sanitize-url/commit/d4bdc89f1743fe3cdb7c3f24b06e4c875f349b0c https://github.com/braintree/sanitize-url/compare/v6.0.1...v6.0.2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-23648`	vulnerable	2026-06-03 14:43:55.488697	Cross-site Scripting (XSS) MEDIUM (5.4) The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function. Published: 2022-03-16T15:45:19.074Z Updated: 2024-09-16T16:22:58.288Z Open on db.gcve.eu Reference links https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882 https://github.com/braintree/sanitize-url/blob/main/src/index.ts%23L11 https://github.com/braintree/sanitize-url/pull/40 https://github.com/braintree/sanitize-url/pull/40/commits/e5afda45d9833682b705f73fc2c1265d34832183 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.