Moole Vulnerability Database

Find real vulnerabilities before they ship

Medium

CVE-2021-23445

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.

VectorNETWORK

PublishedSep 27, 2021, 17:15

Published Byreport@snyk.io

Base Score

Score6.1

Affected Versions

Package (Ecosystem)IntroducedFixedLimit

datatables.net(npm)01.11.3N/A

References

https://cdn.datatables.net/1.11.3/
https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html
https://security.netapp.com/advisory/ntap-20240621-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376
https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544

Weakness Type

CWE-79

CVSS Metrics

Base Score

6.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base SeverityMedium

Version

3.1

Attack Vector (AV)

NETWORK