CVE-2021-42575
Aliases: GHSA-3w73-fmf3-hg5c
Advisory lineage: Upstream: 0, Downstream: 3
Modified
Published: 18 Oct 2021, 14:38
Last modified: 04 Aug 2024, 03:38
Vulnerability Summary
- Overall Risk (default): high, 70/100
- CVSS Score: 9.8 CRITICAL, v3.1 (nvd)
- EPSS Score: 0.72% LOW
- KEV: Not listed
- Ransomware: No reports
- Public exploits: 1 found
- Dark Web: Not detected
Timeline
- 18 Oct 2021, 14:38: Published (vulnerability first disclosed)
- 04 Aug 2024, 03:38: Last Modified (vulnerability information updated)
Description
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
CVSS Metrics
- v3.1 • CRITICAL • Score: 9.8 • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- v2.0 • HIGH • Score: 7.5 • AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 0.72% • Percentile: 73%
Affected Systems
- com.googlecode.owasp-java-html-sanitizer • owasp-java-html-sanitizer: < 20211018.1
- oracle • middleware_common_libraries_and_tools: 12.2.1.3.0 | 12.2.1.4.0
- oracle • primavera_unifier: ≥ 17.7, ≤ 17.12 | 18.8 | 19.12 | 20.12 | 21.12
- owasp • java_html_sanitizer: < 20211018.2
References (5)
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-42575
- https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50