2257732 – (CVE-2021-23445) CVE-2021-23445 datatables.net: contents of array not escaped by HTML escape entities function

Bug 2257732 (CVE-2021-23445) - CVE-2021-23445 datatables.net: contents of array not escaped by HTML escape entities function

Summary: CVE-2021-23445 datatables.net: contents of array not escaped by HTML escape e...

Keywords:
Status:	NEW
Alias:	CVE-2021-23445
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2257736
Blocks:	2257734
TreeView+	depends on / blocked

Reported:	2024-01-10 16:17 UTC by ybuenos
Modified:	2024-06-03 17:10 UTC (History)
CC List:	46 users (show)
Fixed In Version:	datatables.net 1.11.3
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:3559	None	None	None	2024-06-03 16:58:39 UTC
Red Hat Product Errata	RHSA-2024:3560	None	None	None	2024-06-03 17:00:15 UTC
Red Hat Product Errata	RHSA-2024:3561	None	None	None	2024-06-03 16:59:41 UTC
Red Hat Product Errata	RHSA-2024:3563	None	None	None	2024-06-03 17:10:21 UTC

Description ybuenos 2024-01-10 16:17:39 UTC

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.

https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544
https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376
https://cdn.datatables.net/1.11.3/
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371
https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html

Comment 2 errata-xmlrpc 2024-06-03 16:58:36 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2024:3559 https://access.redhat.com/errata/RHSA-2024:3559

Comment 3 errata-xmlrpc 2024-06-03 16:59:38 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2024:3561 https://access.redhat.com/errata/RHSA-2024:3561

Comment 4 errata-xmlrpc 2024-06-03 17:00:12 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2024:3560 https://access.redhat.com/errata/RHSA-2024:3560

Comment 5 errata-xmlrpc 2024-06-03 17:10:18 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2024:3563 https://access.redhat.com/errata/RHSA-2024:3563

Note You need to log in before you can comment on or make changes to this bug.

aileenc
asoldano
aturgema
bbaranow
bbuckingham
bcourt
bmaxwell
brian.stansberry
cdewolf
chazlett
darran.lofthouse
dhanak
dkreling
dosoudil
ehelms
fjuma
gmalinko
ibek
ivassile
iweiss
janstey
jrokos
jsherril
kverlaen
lgao
lzap
mhulan
michal.skrivanek
mnovotny
mosmerov
mperina
msochure
mstefank
msvehla
nmoumoul
nwallace
orabin
pcreech
pdelbell
pjindal
pmackay
rchan
rguimara
rstancel
smaestri
tom.jenkinson