External Control of Critical State Data
CVE-2017-0928
Summary
The html-janitor node module suffers from an External Control of Critical State Data vulnerability: user control of the '_sanitized' variable causes sanitization to be bypassed.
- LOW
- NETWORK
- LOW
- CHANGED
- REQUIRED
- NONE
- LOW
- NONE
CWE-642 - External Control of Critical State Data
The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors.
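The pattern named in the summary and in the CWE-642 description, as an added JavaScript illustration that is not html-janitor's code: a sanitizer that reads its "already sanitized" flag from the data it is sanitizing, beside one that keeps that flag in state only the sanitizer can reach. Plain objects stand in for parsed nodes; the function names, the allow-list and the sample input are assumptions constructed for this example.

```javascript
// Added illustration, not html-janitor's source. Plain objects stand in for
// parsed nodes; every name below is hypothetical.
const ALLOWED_TAGS = new Set(['p', 'b', 'i']);

// Vulnerable pattern: the "already sanitized" flag lives on the node, and the
// node is built from untrusted input, so the input can set the flag itself.
function sanitizeVulnerable(node) {
  if (node._sanitized) return node; // trusts state the input controls
  node.children = (node.children || [])
    .filter((child) => ALLOWED_TAGS.has(child.tag))
    .map((child) => sanitizeVulnerable(child));
  node._sanitized = true;
  return node;
}

// Hardened pattern: the flag is kept in a WeakSet private to the sanitizer,
// keyed by object identity, so no property of the input can influence it.
function makeSanitizer() {
  const done = new WeakSet();
  return function sanitize(node) {
    if (done.has(node)) return node;
    node.children = (node.children || [])
      .filter((child) => ALLOWED_TAGS.has(child.tag))
      .map((child) => sanitize(child));
    done.add(node);
    return node;
  };
}

// Flatten a tree into its tag names, for inspection.
function tags(node) {
  return [node.tag, ...(node.children || []).flatMap((c) => tags(c))];
}

// Constructed sample input: a tree whose root arrives with the flag pre-set.
const UNTRUSTED = JSON.stringify({
  tag: 'p',
  _sanitized: true,
  children: [{ tag: 'script', children: [] }, { tag: 'b', children: [] }],
});

console.log(tags(sanitizeVulnerable(JSON.parse(UNTRUSTED))));
console.log(tags(makeSanitizer()(JSON.parse(UNTRUSTED))));
```

The first call returns the tree untouched because the pre-set flag short-circuits the filter; the second ignores the property and removes the disallowed child.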
Advisory Timeline
- Published