Introduced through: fec-cms@1.0.0 › sanitize-html@1.18.4
Remediation: Upgrade to sanitize-html@2.3.1
Overview
sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis.
Affected versions of this package are vulnerable to Access Restriction Bypass. Internationalized domain name (IDN) is not properly handled. This allows attackers to bypass hostname whitelist validation set by the allowedIframeHostnames option.
Vulnerable module: sanitize-html
Introduced through: sanitize-html@1.18.4
Fixed in: 2.3.1
Read more: https://app.snyk.io/org/fecgov/project/2a97cddb-4b62-4d54-b18f-3b85d55a5e10/?fromGitHubAuth=true#issue-SNYK-JS-SANITIZEHTML-1070786