DEBIAN-CVE-2021-3377

DEBIAN-CVE-2021-3377 PUBLISHED CVSS 6.099999904632568 MEDIUM

The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.

Risk Scores

CVSS 3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:11	node-ansi-up	0, 0, 0
Debian:14	node-ansi-up	0, 0, 0
Debian:13	node-ansi-up	0, 0, 0
Debian:12	node-ansi-up	0, 0, 0

Exploit Intelligence

Nuclei Template: CVE-2021-3377 (nuclei-template)

Timeline

Mar 5, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2021-3377 advisory

Open in Interactive Console →