Security Update Advisory for sanitize-html Package (CVE-2024-21501)
Overview
An update has been made available to fix a vulnerability in the sanitize-html package. Users of affected versions are advised to update to the latest version.
Affected Products
Versions of the sanitize-html package prior to 2.12.1
Resolved Vulnerabilities
Information disclosure vulnerability: when the sanitize-html package is used on the backend with the style attribute allowed, crafted input can be used to enumerate files on the server (including project dependencies) (CVE-2024-21501)
Vulnerability Patches
Vulnerability patches were made available in the February 23, 2024 update. Please update to the patched version listed below, as described on the referenced sites.
sanitize-html package version 2.12.1 or later
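As an added example (not part of this advisory or the sanitize-html project), the following script audits a package-lock.json for every installed copy of sanitize-html, including nested duplicates, and flags versions below the fixed release 2.12.1; the sample lockfile is constructed for the demonstration.

```javascript
// Added example: audit a package-lock.json for sanitize-html copies older than
// the fixed release named in the advisory. Not code from the sanitize-html project.
const FIXED_VERSION = '2.12.1'; // fixed version stated in the advisory

// Compare two dotted version strings numerically (any pre-release suffix is ignored).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// A version is affected when it is strictly below the fixed release.
function isAffected(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Walk both lockfile layouts: the flat "packages" map (lockfileVersion 2/3)
// and the nested "dependencies" tree (lockfileVersion 1).
function findSanitizeHtml(lock) {
  const hits = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path.endsWith('node_modules/sanitize-html')) hits.push({ path, version: pkg.version });
  }
  const walk = (deps, prefix) => {
    for (const [name, dep] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'sanitize-html') hits.push({ path, version: dep.version });
      walk(dep.dependencies, path + '/'); // nested copies live under the parent package
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits.map((h) => ({ ...h, affected: isAffected(h.version) }));
}

// Constructed sample lockfile (v3 layout): the top-level copy is patched, but a
// transitive dependency still pins an outdated copy, which is the case audits miss.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app' },
    'node_modules/sanitize-html': { version: '2.12.1' },
    'node_modules/some-lib/node_modules/sanitize-html': { version: '2.11.0' },
  },
};

for (const h of findSanitizeHtml(SAMPLE_LOCK)) {
  console.log(`${h.path}@${h.version}: ${h.affected ? 'AFFECTED, update to >= 2.12.1' : 'ok'}`);
}
```

To run it against a real project, replace SAMPLE_LOCK with the parsed contents of that project's package-lock.json.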
Referenced Sites
[1] CVE-2024-21501 Detail: https://nvd.nist.gov/vuln/detail/CVE-2024-21501
[2] Merge pull request #650 from dylanarmstrong/fix/ignore-source-maps: https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4
[3] fix: ignore source maps when processing with postcss: https://github.com/apostrophecms/sanitize-html/pull/650
[4] Information Exposure: https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334