CVE-2021-23445 Information

Description

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
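The flaw class described above, as an added example that is not DataTables code: an escaper that only handles strings lets an array through untouched, and the array is then coerced to text when concatenated into markup. The function names and the sample cell data are hypothetical and constructed for illustration.

```javascript
// Added illustration; names are hypothetical, not DataTables internals.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeString = (s) => s.replace(/[&<>"']/g, (c) => ENTITIES[c]);

// Flawed pattern: only strings are escaped; any other type passes through.
function escapeEntitiesStringOnly(d) {
  return typeof d === 'string' ? escapeString(d) : d;
}

// Hardened pattern: arrays are escaped element by element (recursively),
// null/undefined become empty, other scalars are stringified then escaped.
function escapeEntitiesHardened(d) {
  if (Array.isArray(d)) {
    return d.map(escapeEntitiesHardened).join(',');
  }
  if (d === null || d === undefined) return '';
  return escapeString(String(d));
}

// Stand-in for a renderer that concatenates cell data into markup.
// Concatenation coerces an array via Array.prototype.toString, so an
// unescaped array reaches the HTML as raw text.
function renderCell(value, escapeFn) {
  return '<td>' + escapeFn(value) + '</td>';
}

// Constructed sample: a data field that holds an array instead of a string.
const cell = ['<b>bold</b>', 'a & b'];

console.log(renderCell(cell, escapeEntitiesStringOnly)); // markup survives
console.log(renderCell(cell, escapeEntitiesHardened));   // markup neutralised
```

Because the hardened form always returns a string, callers that relied on numbers or arrays passing through unchanged would need adjusting.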

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544
https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376
https://cdn.datatables.net/1.11.3/
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

6.1

Base Severity

MEDIUM
