ByteOS Network

NVD Vulnerability Details :

CVE-2024-21501

Analyzed

Source-report@snyk.io

Published At-24 Feb, 2024 | 05:15

Updated At-25 Apr, 2025 | 19:37

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Primary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CPE Matches

apostrophecms>>sanitize-html>>Versions before 2.12.1(exclusive)

cpe:2.3:a:apostrophecms:sanitize-html:*:*:*:*:*:node.js:*:*

Fedora Project

>>fedora>>39

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Fedora Project

>>fedora>>40

cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Secondary	report@snyk.io
CWE-538	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-200

Type: Secondary

Source: report@snyk.io

CWE ID: CWE-538

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf	report@snyk.io	Exploit Third Party Advisory
https://github.com/apostrophecms/apostrophe/discussions/4436	report@snyk.io	Issue Tracking
https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4	report@snyk.io	Patch
https://github.com/apostrophecms/sanitize-html/pull/650	report@snyk.io	Patch
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EB5JPYRCTS64EA5AMV3INHDPI6I4AW7/	report@snyk.io	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4I5X6V3LYUNBMZ5YOW4BV427TH3IK4S/	report@snyk.io	Mailing List
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557	report@snyk.io	Exploit Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334	report@snyk.io	Exploit Third Party Advisory
https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory
https://github.com/apostrophecms/apostrophe/discussions/4436	af854a3a-2127-422b-91ae-364da2661108	Issue Tracking
https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4	af854a3a-2127-422b-91ae-364da2661108	Patch
https://github.com/apostrophecms/sanitize-html/pull/650	af854a3a-2127-422b-91ae-364da2661108	Patch
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EB5JPYRCTS64EA5AMV3INHDPI6I4AW7/	af854a3a-2127-422b-91ae-364da2661108	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4I5X6V3LYUNBMZ5YOW4BV427TH3IK4S/	af854a3a-2127-422b-91ae-364da2661108	Mailing List
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory