HTML Sanitizer Vulnerability in Oracle Products
CVE-2021-42575

9.8CRITICAL

Key Information:

Vendor: Owasp
Status: Java Html Sanitizer
Vendor: CVE Published:; 18 October 2021

🔔 Create Owasp Vulnerability Alert

What is CVE-2021-42575?

The OWASP Java HTML Sanitizer prior to version 20211018.1 fails to enforce adequate policies for the SELECT, STYLE, and OPTION elements, potentially allowing attackers to execute unauthorized actions or inject malicious scripts that compromise the security of web applications relying on this sanitizer.

References

https://www.oracle.com/security-alerts/cpujan2022.html

x_refsource_MISC

https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5...

x_refsource_MISC

https://www.oracle.com/security-alerts/cpujul2022.html

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2021
Vulnerability Reserved
Oct 18, 2021

CVE-2021-42575 Data

.