CVE-2021-42575
First published: Mon Oct 18 2021(Updated: )
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OWASP Java HTML Sanitizer | <20211018.2 | |
| Oracle Middleware Common Libraries And Tools | =12.2.1.3.0 | |
| Oracle Middleware Common Libraries And Tools | =12.2.1.4.0 | |
| Oracle Primavera Unifier | >=17.7<=17.12 | |
| Oracle Primavera Unifier | =18.8 | |
| Oracle Primavera Unifier | =19.12 | |
| Oracle Primavera Unifier | =20.12 | |
| Oracle Primavera Unifier | =21.12 | |
| <20211018.2 | ||
| =12.2.1.3.0 | ||
| =12.2.1.4.0 | ||
| >=17.7<=17.12 | ||
| =18.8 | ||
| =19.12 | ||
| =20.12 | ||
| =21.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-42575.
What is the severity of CVE-2021-42575?
The severity of CVE-2021-42575 is critical with a CVSS score of 9.8.
Which elements does the OWASP Java HTML Sanitizer before 20211018.1 fail to enforce policies on?
The OWASP Java HTML Sanitizer before 20211018.1 fails to enforce policies on the SELECT, STYLE, and OPTION elements.
Which software is affected by CVE-2021-42575?
The OWASP Java HTML Sanitizer before 20211018.1 and Oracle Middleware Common Libraries And Tools versions 12.2.1.3.0 and 12.2.1.4.0, as well as Oracle Primavera Unifier versions 17.7 to 17.12, 18.8, 19.12, 20.12, and 21.12 are affected by CVE-2021-42575.
How do I fix CVE-2021-42575?
To fix CVE-2021-42575, update to the latest version of OWASP Java HTML Sanitizer (20211018.2) or Oracle Middleware Common Libraries And Tools (12.2.1.3.1 or later).
- collector/nvd-index
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/tags
- agent/source
- vendor/owasp
- canonical/owasp java html sanitizer
- vendor/oracle
- canonical/oracle middleware common libraries and tools
- version/oracle middleware common libraries and tools/12.2.1.3.0
- version/oracle middleware common libraries and tools/12.2.1.4.0
- canonical/oracle primavera unifier
- version/oracle primavera unifier/17.7
- version/oracle primavera unifier/17.12
- version/oracle primavera unifier/18.8
- version/oracle primavera unifier/19.12
- version/oracle primavera unifier/20.12
- version/oracle primavera unifier/21.12