Bug 2065290 (CVE-2021-23648) - CVE-2021-23648 sanitize-url: XSS due to improper sanitization in sanitizeUrl function
Summary: CVE-2021-23648 sanitize-url: XSS due to improper sanitization in sanitizeUrl ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-23648
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2066482 2066483 2066484 2066485 2066487 2066488
Blocks: 2065291
TreeView+ depends on / blocked
 
Reported: 2022-03-17 15:30 UTC by Nick Tait
Modified: 2022-11-15 10:06 UTC (History)
34 users (show)

Fixed In Version: sanitize-url 6.0.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url.
Clone Of:
Environment:
Last Closed: 2022-09-01 06:25:37 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:5069 0 None None None 2022-08-10 10:34:43 UTC
Red Hat Product Errata RHSA-2022:7519 0 None None None 2022-11-08 09:25:51 UTC
Red Hat Product Errata RHSA-2022:8057 0 None None None 2022-11-15 10:06:21 UTC

Description Nick Tait 2022-03-17 15:30:42 UTC
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.

Comment 1 Anten Skrabec 2022-03-21 21:32:37 UTC
Created grafana tracking bugs for this issue:

Affects: fedora-all [bug 2066482]


Created zuul tracking bugs for this issue:

Affects: fedora-all [bug 2066483]

Comment 10 errata-xmlrpc 2022-08-10 10:34:41 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2022:5069 https://access.redhat.com/errata/RHSA-2022:5069

Comment 13 Product Security DevOps Team 2022-09-01 06:25:33 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-23648

Comment 14 errata-xmlrpc 2022-11-08 09:25:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7519 https://access.redhat.com/errata/RHSA-2022:7519

Comment 15 errata-xmlrpc 2022-11-15 10:06:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8057 https://access.redhat.com/errata/RHSA-2022:8057


Note You need to log in before you can comment on or make changes to this bug.