Skip to main content

External Control of Critical State Data

CVE-2017-0928

Severity Medium
Score 6.1/10

Summary

html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.

  • LOW
  • NETWORK
  • LOW
  • CHANGED
  • REQUIRED
  • NONE
  • LOW
  • NONE

CWE-642 - External Control of Critical State Data

The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors.

Advisory Timeline

  • Published