CVE-2021-23472

Description

This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set.

POC

Reference

https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1910690
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1910689
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBWENZHIXIN-1910687
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910688
https://snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597

Github

No PoCs found on GitHub currently.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2021-23472.md

CVE-2021-23472.md

CVE-2021-23472

Description

POC

Reference

Github

Files

CVE-2021-23472.md

Latest commit

History

CVE-2021-23472.md

File metadata and controls

CVE-2021-23472

Description

POC

Reference

Github