CVE-2021-23472
PUBLISHED
This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set.
Risk Scores
EPSS Score: 0.58% (69.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:20.04:LTS | zoneminder | 0, 1.32.3-2build1, 1.32.3-2ubuntu1 |
| Ubuntu:25.10 | zoneminder | 0, 1.36.35+dfsg1-1 |
| Ubuntu:Pro:22.04:LTS | zoneminder | 1.36.12+dfsg1-1, 1.36.11+dfsg1-1, 1.36.10+dfsg1-1 |
| Ubuntu:Pro:16.04:LTS | zoneminder | 1.29.0+dfsg-1, 1.29.0+dfsg-1ubuntu1, 1.29.0+dfsg-1ubuntu2 |
| Ubuntu:24.04:LTS | zoneminder | 1.36.33+dfsg1-1build2, 1.36.33+dfsg1-1build3, 1.36.33+dfsg1-1build4 |
Exploit Intelligence
- https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597 (nist-nvd)
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1910690 (nist-nvd)
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1910689 (nist-nvd)
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBWENZHIXIN-1910687 (nist-nvd)
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910688 (nist-nvd)
- https://snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597 (nist-nvd)
- https://github.com/wenzhixin/bootstrap-table/blob/develop/src/utils/index.js%23L218 (circl)
Timeline
- Nov 3, 2021 CVE Published
- Nov 4, 2021 EPSS Score
- Nov 28, 2021 CVE Updated
- Dec 30, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 24, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 20, 2022 EPSS Score
- Jun 15, 2022 EPSS Score
- Oct 6, 2022 EPSS Score
- Nov 30, 2022 EPSS Score
- Jan 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-23472 (third-party-advisory)
- https://www.cve.org/CVERecord?id=CVE-2021-23472 (third-party-advisory)