com.mikesamuel:json-sanitizer versions < 1.2.2 vulnerable.


Mike Samuel

Jan 12, 2021, 5:29:26 PM
to json-sanitizer-support
This is a vulnerability disclosure.  Please update to

    com.mikesamuel:json-sanitizer:1.2.2

available at https://search.maven.org/artifact/com.mikesamuel/json-sanitizer/1.2.2/jar

OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and
CDATA section delimiters for crafted input. This allows an
attacker to inject arbitrary HTML or XML into embedding documents.

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an
undeclared exception for crafted input. This may lead to
denial of service if the application is not prepared to handle these
situations.

CVE-2021-23899, CVE-2021-23900
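The two failure modes in the disclosure above (sanitizer output that carries HTML/XML delimiters such as a closing SCRIPT tag or `]]>`, and sanitizer output that is not valid JSON at all) are both things the embedding application can check for on its own side, independent of which sanitizer version it ships. The code below is an added example written for this page; it is not part of the original post or of the json-sanitizer project. It assumes the application already holds the sanitizer's output as a string and is about to splice it into an HTML `<script>` element or an XML CDATA section. The escapes it applies (`\u003c`, `\u003e`, `\u0026`, `\u2028`, `\u2029`) are standard JSON string escapes; in well-formed JSON those characters can only occur inside string literals, so a global replace preserves the parsed value exactly. The constructed inputs in the test are illustrative only and are not the crafted inputs from the advisory.

```javascript
// Added example (not from the post or the json-sanitizer project):
// embedding-side checks for JSON that is about to be placed in HTML/XML.

// Sequences that terminate the enclosing <script>, comment or CDATA context
// no matter where the JSON string boundaries fall. Matched case-insensitively
// because HTML tag names are case-insensitive.
const DANGEROUS_SEQUENCES = ['</script', '<!--', '-->', ']]>'];

// Returns the first dangerous sequence present in `text`, or null if none is.
// Useful as a last-line assertion before emitting into a document.
function findBreakout(text) {
  const lower = text.toLowerCase();
  for (const seq of DANGEROUS_SEQUENCES) {
    if (lower.includes(seq)) {
      return seq;
    }
  }
  return null;
}

// JSON string escapes that are valid JSON and valid JavaScript, and that no
// HTML or XML tokenizer recognises as markup. U+2028/U+2029 are included
// because they are legal inside JSON strings but act as line terminators in
// older JavaScript engines.
const ESCAPES = {
  '<': '\\u003c',
  '>': '\\u003e',
  '&': '\\u0026',
  '\u2028': '\\u2028',
  '\u2029': '\\u2029',
};

// Validates that `jsonText` parses as JSON (so invalid sanitizer output is
// reported as a single predictable Error instead of surfacing downstream),
// then rewrites it so no HTML/XML delimiter can appear in the result.
// Because `<`, `>` and `&` only occur inside string literals in valid JSON,
// the rewritten text parses to the same value as the input.
function embedSafeJson(jsonText) {
  try {
    JSON.parse(jsonText);
  } catch (e) {
    throw new Error('sanitizer output is not valid JSON: ' + e.message);
  }
  return jsonText.replace(/[<>&\u2028\u2029]/g, (ch) => ESCAPES[ch]);
}

// Example usage on a constructed payload.
const demo = embedSafeJson('{"a":"</script><!--","b":[1,2]}');
console.log(demo);                    // no '<' or '>' survives
console.log(findBreakout(demo));      // null
```

`findBreakout` is the cheap detective control: run it on whatever the sanitizer returned and fail closed if it reports anything. `embedSafeJson` is the preventive control and is what to call on the hot path; the parse step doubles as the handler for the "invalid JSON or undeclared exception" case, turning it into one error type the surrounding code can catch deliberately rather than crashing the request.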