PT-2022-9421 · Npm+4 · @Braintree/Sanitize-Url+4

Bob Wombat Hogg · Published 2022-02-22 · Updated 2022-11-15

CVE-2021-23648
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
@braintree/sanitize-url versions prior to 6.0.0

Description
The sanitizeUrl function does not properly sanitize its input, which allows Cross-site Scripting (XSS) attacks.

Recommendations
For versions prior to 6.0.0, update to version 6.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the sanitizeUrl function until a patch is available.

Tags: Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

ALSA-2022:7519
ALSA-2022:8057
CESA-2022_7519
CVE-2021-23648
GHSA-HQQ7-2Q2V-82XQ
RHSA-2022:7519
RHSA-2022:8057
RHSA-2022_7519
RHSA-2022_8057
RLSA-2022:7519
RLSA-2022:8057
SNYK-JS-BRAINTREESANITIZEURL-2339882

Affected Products

@Braintree/Sanitize-Url
Almalinux
Centos
Red Hat
Rocky Linux