com.mikesamuel:json-sanitizer
Maven
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting com.mikesamuel:json-sanitizer
- CVE-2020-13973 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 1.2.1 | 2020-06-09
vulnerable: 1.0, 1.1, 1.2.0
OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTM…
- CVE-2021-23899 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.2.2 | 2021-01-13
vulnerable: 1.0, 1.1, 1.2.0, 1.2.1
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
- CVE-2021-23900 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.2.2 | 2021-01-13
vulnerable: 1.0, 1.1, 1.2.0, 1.2.1
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.