Byte Open Security (ByteOS Network)
CVE Vulnerability Details: CVE-2024-21501 (PUBLISHED)
Assigner: snyk
Assigner Org ID: bae035ff-b466-4ff4-94d0-fc9efd9e1730
Published At: 24 Feb, 2024 | 05:00
Updated At: 13 Feb, 2025 | 17:33
Rejected At: (not rejected)
CVE Numbering Authority (CNA)

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.

Affected Products
Vendor: n/a
Product: sanitize-html
Versions affected:
  • From 0 before 2.12.1 (semver)
Vendor: n/a
Product: org.webjars.npm:sanitize-html
Versions affected:
  • From 0 before * (semver)
Problem Types
Type: N/A
CWE ID: N/A
Description: Information Exposure
Metrics
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P
Credits: Vsevolod Kokorin (Slonser) of Solidlab
References
  • https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334
  • https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557
  • https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf
  • https://github.com/apostrophecms/sanitize-html/pull/650
  • https://github.com/apostrophecms/apostrophe/discussions/4436
  • https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4I5X6V3LYUNBMZ5YOW4BV427TH3IK4S/
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EB5JPYRCTS64EA5AMV3INHDPI6I4AW7/
Authorized Data Publishers (ADP)
1. CVE Program Container
References (all tagged x_transferred)
  • https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334
  • https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557
  • https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf
  • https://github.com/apostrophecms/sanitize-html/pull/650
  • https://github.com/apostrophecms/apostrophe/discussions/4436
  • https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4I5X6V3LYUNBMZ5YOW4BV427TH3IK4S/
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EB5JPYRCTS64EA5AMV3INHDPI6I4AW7/
2. CISA ADP Vulnrichment
Affected Products
Vendor: apostrophecms
Product: sanitize-html
CPEs:
  • cpe:2.3:a:apostrophecms:sanitize-html:*:*:*:*:*:node.js:*:*
Default Status: unknown
Versions affected:
  • From 0 before 2.12.1 (semver)
Problem Types
Type: CWE
CWE ID: CWE-538
Description: CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory
References: details not found