Bug 2266111 (CVE-2024-21501)

Summary: CVE-2024-21501 sanitize-html: Information Exposure when used on the backend
Product: [Other] Security Response Reporter: Rohit Keshri <rkeshri>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aarif, aprice, bbuckingham, bcourt, bdettelb, btarraso, caswilli, dkuc, ehelms, fjansen, gparvin, hkataria, jchui, jmitchel, jsamir, jsherril, jtanner, kaycoth, kshier, ktsao, lbainbri, lzap, mhulan, mpierce, nboldt, njean, nmoumoul, oezr, omaciel, orabin, owatkins, pahickey, pcreech, psegedy, rchan, rhaigner, rtaniwa, sdawley, sthirugn, tkral, vkrizan, vmugicag
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
An information exposure flaw was found in the sanitize-html package, when used on the backend with the style attribute allowed. This issue may allow an attacker to enumerate files in the system, including project dependencies, to gather details about the file system structure and dependencies of the targeted server.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2266114, 2266115, 2266116, 2266117, 2266118, 2266119, 2266120, 2266121    
Bug Blocks: 2266122    

Description Rohit Keshri 2024-02-26 18:11:04 UTC 
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.

https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf
https://github.com/apostrophecms/apostrophe/discussions/4436
https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4
https://github.com/apostrophecms/sanitize-html/pull/650
https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334
Comment 1 Rohit Keshri 2024-02-26 18:16:38 UTC 
Created glances tracking bugs for this issue:

Affects: epel-all [bug 2266114]
Affects: fedora-all [bug 2266116]


Created golang-github-apache-beam-2 tracking bugs for this issue:

Affects: fedora-all [bug 2266117]


Created golang-github-prometheus tracking bugs for this issue:

Affects: epel-all [bug 2266115]


Created jupyterlab tracking bugs for this issue:

Affects: fedora-all [bug 2266118]


Created python-ipyparallel tracking bugs for this issue:

Affects: fedora-all [bug 2266119]


Created rstudio tracking bugs for this issue:

Affects: fedora-all [bug 2266120]
Comment 4 errata-xmlrpc 2024-04-16 14:53:03 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2024:1770 https://access.redhat.com/errata/RHSA-2024:1770
Comment 7 Borja Tarraso 2024-11-08 15:27:27 UTC 
This issue has been solved in RHACM 2.10.1 with this public advisory https://access.redhat.com/errata/RHBA-2024:1793
Comment 8 Borja Tarraso 2024-11-08 15:36:31 UTC 
This issue has been solved in RHACM 2.9.4 via this public advisory https://access.redhat.com/errata/RHBA-2024:3593
Comment 9 Borja Tarraso 2024-11-08 15:39:50 UTC 
This issue has been solved in MCE 2.5.2 via this public advisory https://access.redhat.com/errata/RHBA-2024:1775
Comment 10 Borja Tarraso 2024-11-08 16:07:36 UTC 
This issue has been solved in MCE 2.4.5 via this public advisory https://access.redhat.com/errata/RHBA-2024:3555