CVE-2021-23445

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.

References

Affected packages

Debian:11 / datatables.js

Package

Name: datatables.js
Purl: pkg:deb/debian/datatables.js?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.21+dfsg-2+deb11u1

Affected versions

1.*

1.10.21+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / datatables.js

Package

Name: datatables.js
Purl: pkg:deb/debian/datatables.js?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.21+dfsg-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / datatables.js

Package

Name: datatables.js
Purl: pkg:deb/debian/datatables.js?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.21+dfsg-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/datatables/datatablessrc

Affected ranges

Type: GIT
Repo: https://github.com/datatables/datatablessrc
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

79772b97fe6d45af67057cc13fa6af3f00c873ea

Type: GIT
Repo: https://github.com/datatables/dist-datatables
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b

Affected versions

1.*

1.0.1

1.10.0

1.10.0-beta.1

1.10.0-beta.2

1.10.0-rc.1

1.10.1

1.10.10

1.10.11

1.10.12

1.10.13

1.10.14

1.10.15

1.10.16

1.10.17

1.10.18

1.10.19

1.10.2

1.10.20

1.10.21

1.10.22

1.10.23

1.10.24

1.10.25

1.10.3

1.10.4

1.10.5

1.10.6

1.10.7

1.10.8

1.10.9

1.11.0

1.11.1

1.11.2

1.7.0