Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2021-23445
Modified
More InfoOfficial Page
Source-report@snyk.io
View Known Exploited Vulnerability (KEV) details
Published At-27 Sep, 2021 | 17:15
Updated At-21 Jun, 2024 | 19:15

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Secondary3.13.1LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 3.1
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
datatables
datatables
>>datatables.net>>Versions before 1.11.3(exclusive)
cpe:2.3:a:datatables:datatables.net:*:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cdn.datatables.net/1.11.3/report@snyk.io
Release Notes
Vendor Advisory
https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9breport@snyk.io
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/08/msg00018.htmlreport@snyk.io
N/A
https://security.netapp.com/advisory/ntap-20240621-0006/report@snyk.io
N/A
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371report@snyk.io
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376report@snyk.io
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544report@snyk.io
Exploit
Third Party Advisory
Hyperlink: https://cdn.datatables.net/1.11.3/
Source: report@snyk.io
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
Source: report@snyk.io
Resource:
Patch
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html
Source: report@snyk.io
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20240621-0006/
Source: report@snyk.io
Resource: N/A
Hyperlink: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371
Source: report@snyk.io
Resource:
Exploit
Third Party Advisory
Hyperlink: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376
Source: report@snyk.io
Resource:
Exploit
Third Party Advisory
Hyperlink: https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544
Source: report@snyk.io
Resource:
Exploit
Third Party Advisory
Change History
0Changes found
Details not found