CVE-2021-23899

Published January 13th, 2021

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.

OWASP/json-sanitizer

Given JSON-like content, The JSON Sanitizer converts it to valid JSON.

GitHub

218