Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Abea Apostrophe Technologies sanitize-html 安全漏洞
Vulnerability Description
Abea Apostrophe Technologies sanitize-html是美国Abea组织的一个清除格式工具。提供了带有清晰API的简单HTML标签清除。 Apostrophe Technologies sanitize-html 2.3.1之前版本存在安全漏洞,该漏洞源于不能正确处理国际化域名(IDN),这可能会让攻击者绕过 allowedIframeHostnames 选项设置的主机名白名单验证。
CVSS Information
N/A
Vulnerability Type
N/A