sanitize-html@1.27.5

Vulnerabilities: 1 via 1 paths

Dependencies: 19

Source: npm

high severity

Arbitrary Code Execution

  • Vulnerable module: sanitize-html
  • Introduced through: sanitize-html@1.27.5

Detailed paths

  • Introduced through: sanitize-html@1.27.5
    Remediation: Upgrade to sanitize-html@2.0.0.

Overview

sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis.

Affected versions of this package are vulnerable to Arbitrary Code Execution. Tag transformations which turn an attribute value into a text node using transformTags could be vulnerable to code execution.

Remediation

Upgrade sanitize-html to version 2.0.0-beta or higher.
