PT-2024-18917 · Unknown · Sanitize-Html

Slonser

Published 2024-02-23 · Updated 2026-03-10

CVE-2024-21501

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: sanitize-html versions prior to 2.12.1

Description: The issue allows for Information Exposure when sanitize-html is used on the backend with the style attribute permitted, enabling an attacker to enumerate files on the system, including project dependencies. This could be exploited to gather details about the file system structure and the dependencies of the targeted server.

Recommendations: For versions prior to 2.12.1, update to version 2.12.1 or later to resolve the issue. As a temporary workaround, consider disabling the style attribute when using sanitize-html on the backend to minimize the risk of exploitation.
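To check a deployment for the setting the advisory recommends disabling, here is an added example (not from the advisory or from the sanitize-html project) that audits a sanitize-html options object for a permitted style attribute and returns a copy with it removed. It assumes the `allowedAttributes` option shape documented by sanitize-html and uses a constructed sample config.

```javascript
// Added example, not code from the advisory or from the sanitize-html project.
// Audits a sanitize-html options object for the setting this advisory says to
// disable on the backend (versions before 2.12.1): permitting the `style`
// attribute. Assumed option shape (from sanitize-html's documented API):
// `allowedAttributes` is `false` (allow every attribute) or an object keyed by
// tag name or '*', whose arrays hold attribute names or { name, values } objects.

function attributeName(attr) {
  // Entries may be plain strings or descriptor objects such as { name: 'style' }.
  return typeof attr === 'string' ? attr : attr && attr.name;
}

// Returns which tags (or '*') permit `style`; `false` counts as every tag.
function styleAttributeAllowed(options = {}) {
  const allowed = options.allowedAttributes;
  if (allowed === false) return { allowed: true, tags: ['*'] };
  if (allowed == null) return { allowed: false, tags: [] }; // library defaults: no style
  const tags = Object.entries(allowed)
    .filter(([, attrs]) => attrs.some((a) => String(attributeName(a)).toLowerCase() === 'style'))
    .map(([tag]) => tag);
  return { allowed: tags.length > 0, tags };
}

// The advisory's temporary workaround: return a copy of the options with
// `style` removed from every tag's attribute list. A config with
// `allowedAttributes: false` is returned unchanged because there is no list to
// edit; the audit above flags it so an explicit allowlist can be written.
function withoutStyleAttribute(options = {}) {
  const allowed = options.allowedAttributes;
  if (allowed === false || allowed == null) return { ...options };
  const cleaned = {};
  for (const [tag, attrs] of Object.entries(allowed)) {
    cleaned[tag] = attrs.filter((a) => String(attributeName(a)).toLowerCase() !== 'style');
  }
  return { ...options, allowedAttributes: cleaned };
}

// Constructed sample: a backend config that was loosened to accept inline styles.
const weakOptions = {
  allowedTags: ['p', 'span', 'a'],
  allowedAttributes: { a: ['href'], '*': ['class', { name: 'style', values: [] }] },
};
const hardenedOptions = withoutStyleAttribute(weakOptions);

console.log(styleAttributeAllowed(weakOptions));     // { allowed: true, tags: ['*'] }
console.log(styleAttributeAllowed(hardenedOptions)); // { allowed: false, tags: [] }
```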

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2024-21501
GHSA-RM97-X556-Q36H

Affected Products

Debian
Sanitize-Html