CVE-2021-26539
PUBLISHED
Reported by mitre · Published February 8, 2021
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain names (IDN), which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | *, * |
| npm | sanitize-html | 0 |
Exploit Intelligence
- https://advisory.checkmarx.net/advisory/CX-2021-4308 (nist-nvd)
- summary.html (github-poc)
Timeline
- Feb 8, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 26, 2022 CVE Updated
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
References
- x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-26539 advisory