CVE-2017-0928

EPSS 1.0%CWE-642

html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.

Productos afectados

HackerOne · html-janitor node module

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/guardian/html-janitor/issues/35 https://hackerone.com/reports/308158