Sanitize Html
cpe:2.3:a:n/a:sanitize-html:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Sanitize Html (c75e485b-2048-532f-b7d3-50fcbad8cc5e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-21501 | vulnerable | 2026-06-08 06:27:35.437212 | Details available. MEDIUM (5.3). Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server. Published: 2024-02-24T05:00:02.731Z. Updated: 2025-02-13T17:33:15.082Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-25887 | vulnerable | 2026-06-08 05:41:49.624183 | Regular Expression Denial of Service (ReDoS). MEDIUM (5.3). The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal. Published: 2022-08-30T05:00:20.149Z. Updated: 2024-09-17T03:07:00.082Z. | Imported from gcve-enriched-dumps CVE data |