CRITICAL🇵🇱 Wersja polska

CVE-2021-42575

CVSS 9.8v3.1pub. 2021-10-18upd. 2024-11-21

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oracle Middleware Common Libraries And Tools

    APP
    Oracle
    12.2.1.3.012.2.1.4.0
  • Oracle Primavera Unifier

    APP
    Oracle
    18.819.1220.1221.1217.7 – 17.12
  • Owasp Java Html Sanitizer

    APP
    Owasp
    < 20211018.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-23305CRITICAL9.8ten sam produkt

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the val...

CVE-2021-23926CRITICAL9.1ten sam produkt

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user fro...

CVE-2020-25020CRITICAL9.8ten sam produkt

MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.

CVE-2020-9547CRITICAL9.8ten sam produkt

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and ty...

CVE-2020-9546CRITICAL9.8ten sam produkt

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and ty...