Bug 2257732 (CVE-2021-23445) - CVE-2021-23445 datatables.net: contents of array not escaped by HTML escape entities function
Keywords:
Status: NEW
Alias: CVE-2021-23445
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2257736
Blocks: 2257734
Reported: 2024-01-10 16:17 UTC by ybuenos
Modified: 2024-06-03 17:10 UTC

Fixed In Version: datatables.net 1.11.3
Doc Type: If docs needed, set a value
Doc Text:
An improper neutralization of input vulnerability was found in datatables.net. If an array is passed to the HTML escape entities function, its contents are not escaped, possibly leading to cross-site scripting (XSS).
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:3559 0 None None None 2024-06-03 16:58:39 UTC
Red Hat Product Errata RHSA-2024:3560 0 None None None 2024-06-03 17:00:15 UTC
Red Hat Product Errata RHSA-2024:3561 0 None None None 2024-06-03 16:59:41 UTC
Red Hat Product Errata RHSA-2024:3563 0 None None None 2024-06-03 17:10:21 UTC

Comment 2 errata-xmlrpc 2024-06-03 16:58:36 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2024:3559 https://access.redhat.com/errata/RHSA-2024:3559

Comment 3 errata-xmlrpc 2024-06-03 16:59:38 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2024:3561 https://access.redhat.com/errata/RHSA-2024:3561

Comment 4 errata-xmlrpc 2024-06-03 17:00:12 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2024:3560 https://access.redhat.com/errata/RHSA-2024:3560

Comment 5 errata-xmlrpc 2024-06-03 17:10:18 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2024:3563 https://access.redhat.com/errata/RHSA-2024:3563

