org.webjars.npm:sanitize-html@1.16.3 vulnerabilities
-
latest version
2.7.0
-
first published
8 years ago
-
latest version published
2 years ago
-
licenses detected
- [1.13.0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.webjars.npm:sanitize-html package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Information Exposure when used on the backend and with the How to fix Information Exposure? There is no fixed version for |
[0,)
|
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade |
[,2.7.1)
|
Affected versions of this package are vulnerable to Access Restriction Bypass. Internationalized domain name (IDN) is not properly handled. This allows attackers to bypass hostname whitelist validation set by the How to fix Access Restriction Bypass? Upgrade |
[,2.3.1)
|
Affected versions of this package are vulnerable to Validation Bypass. There is no proper validation of the hostnames set by the How to fix Validation Bypass? Upgrade |
[,2.3.1)
|
Affected versions of this package are vulnerable to Arbitrary Code Execution. Tag transformations which turn an attribute value into a text node using How to fix Arbitrary Code Execution? Upgrade |
[,2.0.0-beta)
|