sanitize-html@1.27.2 vulnerabilities
Clean up user-submitted HTML, preserving allowlisted elements and allowlisted attributes on a per-element basis
-
latest version
2.13.1
-
latest non vulnerable version
-
first published
11 years ago
-
latest version published
a month ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the sanitize-html package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis Affected versions of this package are vulnerable to Information Exposure when used on the backend and with the How to fix Information Exposure? Upgrade |
<2.12.1
|
sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade |
<2.7.1
|
sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis Affected versions of this package are vulnerable to Access Restriction Bypass. Internationalized domain name (IDN) is not properly handled. This allows attackers to bypass hostname whitelist validation set by the How to fix Access Restriction Bypass? Upgrade |
<2.3.1
|
sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis Affected versions of this package are vulnerable to Validation Bypass. There is no proper validation of the hostnames set by the How to fix Validation Bypass? Upgrade |
<2.3.2
|
sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis Affected versions of this package are vulnerable to Arbitrary Code Execution. Tag transformations which turn an attribute value into a text node using How to fix Arbitrary Code Execution? Upgrade |
<2.0.0-beta
|