OWASP · OWASP json-sanitizer · CVE-2021-23899
Name of the Vulnerable Software and Affected Versions:
OWASP json-sanitizer versions prior to 1.2.2
Description:
This vulnerability allows an attacker to inject arbitrary HTML or XML into a document that embeds the sanitizer's output: for crafted input, the sanitizer could emit a closing SCRIPT tag (`</script>`) or a CDATA section delimiter (`]]>`) inside a JSON string, which terminates the enclosing `<script>` block or CDATA section and lets the remainder of the string be parsed as markup.
Recommendations:
For versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, restrict the input passed to the json-sanitizer (for example, reject or escape input containing `</script` or `]]>`) to minimize the risk of exploitation.
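As an added example (not the json-sanitizer project's own code, and not the fix shipped in 1.2.2), the Python below shows the defensive check and post-processing step a practitioner can apply to sanitizer output before embedding it: `find_breakouts` reports any `</script` or `]]>` sequence still present, and `escape_for_embedding` rewrites `<`, `>` and `&` as `\uXXXX` escapes. Those three characters never occur in JSON syntax itself, only inside string literals, so the rewrite cannot change the decoded value of valid JSON while removing every sequence that could close the embedding element. The sample JSON is constructed for the example.

```python
import json
import re

# Sequences that let a JSON string terminate the element that embeds it:
# "</script" closes an HTML <script> block, "]]>" closes an XML CDATA section.
_BREAKOUT = re.compile(r"</script|]]>", re.IGNORECASE)

# Characters that can only appear inside JSON string literals, never as JSON
# syntax, so rewriting them as \uXXXX escapes preserves the decoded value.
_ESCAPES = {"<": "\\u003c", ">": "\\u003e", "&": "\\u0026"}


def find_breakouts(json_text: str) -> list[str]:
    """Return every embedding-breaking sequence present in sanitizer output."""
    return [m.group(0) for m in _BREAKOUT.finditer(json_text)]


def escape_for_embedding(json_text: str) -> str:
    """Rewrite valid JSON so it is safe to place inside <script> or CDATA.

    Raises json.JSONDecodeError for input that is not already valid JSON,
    because the character-level rewrite is only sound for valid JSON.
    """
    json.loads(json_text)
    return "".join(_ESCAPES.get(ch, ch) for ch in json_text)


# Constructed sample: the string values would close a <script> block and a
# CDATA section if the JSON were embedded verbatim.
SAMPLE = '{"comment":"</script><b>x</b>","note":"]]>done"}'

if __name__ == "__main__":
    print("breakouts before:", find_breakouts(SAMPLE))
    safe = escape_for_embedding(SAMPLE)
    print("escaped:", safe)
    print("breakouts after:", find_breakouts(safe))
    print("same value:", json.loads(safe) == json.loads(SAMPLE))
```

Run the check on the sanitizer's output, not its input: the point of the advisory is that the output, not the raw input, is what the embedding document trusts.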