REDHAT-BUG-2266111
First published: Mon Feb 26 2024(Updated: )
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server. <a href="https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf">https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf</a> <a href="https://github.com/apostrophecms/apostrophe/discussions/4436">https://github.com/apostrophecms/apostrophe/discussions/4436</a> <a href="https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4">https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4</a> <a href="https://github.com/apostrophecms/sanitize-html/pull/650">https://github.com/apostrophecms/sanitize-html/pull/650</a> <a href="https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334">https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ApostropheCMS | <2.12.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf
- https://github.com/apostrophecms/apostrophe/discussions/4436
- https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4
- https://github.com/apostrophecms/sanitize-html/pull/650
- https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2266114
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2266116
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2266117
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2266115
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2266118
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2266119
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2266120
- https://access.redhat.com/errata/RHSA-2024:1770
- https://access.redhat.com/errata/RHBA-2024:1793
- https://access.redhat.com/errata/RHBA-2024:3593
- https://access.redhat.com/errata/RHBA-2024:1775
- https://access.redhat.com/errata/RHBA-2024:3555
- https://bugzilla.redhat.com/show_bug.cgi?id=2266111
Frequently Asked Questions
What is the severity of REDHAT-BUG-2266111?
The severity of REDHAT-BUG-2266111 is classified as critical due to the potential for information exposure.
How do I fix REDHAT-BUG-2266111?
To fix REDHAT-BUG-2266111, update the sanitize-html package to version 2.12.1 or later.
What causes the vulnerability in REDHAT-BUG-2266111?
The vulnerability in REDHAT-BUG-2266111 is caused by allowing the style attribute on the backend, which can lead to information exposure.
Which applications are affected by REDHAT-BUG-2266111?
Applications using sanitize-html versions prior to 2.12.1 are affected by REDHAT-BUG-2266111.
What can an attacker do with exploit REDHAT-BUG-2266111?
An attacker exploiting REDHAT-BUG-2266111 could enumerate files in the system, including project dependencies.
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/references
- agent/trending
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-21501
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apostrophecms
- canonical/apostrophecms