GHSA-mm8j-9x84-m9cv

Source
https://github.com/advisories/GHSA-mm8j-9x84-m9cv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-mm8j-9x84-m9cv/GHSA-mm8j-9x84-m9cv.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-mm8j-9x84-m9cv
Aliases
Published
2021-06-16T17:34:18Z
Modified
2023-11-08T04:05:13.858556Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Arbitrary code injection in json-sanitizer
Details

OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.

References

Affected packages

Maven / com.mikesamuel:json-sanitizer

Package

Name
com.mikesamuel:json-sanitizer
Purl
pkg:maven/com.mikesamuel/json-sanitizer

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.2

Affected versions

1.*

1.0
1.1
1.2.0
1.2.1