CVE-2021-42575

Published: Oct 18, 2021
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-42575" target="_blank" rel="noopener"> CVE-2021-42575
GHSA: <a href="https://github.com/advisories/GHSA-3w73-fmf3-hg5c" target="_blank" rel="noopener"> GHSA-3w73-fmf3-hg5c
Severity: Critical
Exploit:

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

CVSS v3:

CVSS v2:

CWEs:

Software	From	Fixed in
owasp / java_html_sanitizer	-	20211018.2
oracle / primavera_unifier	18.8	18.8.x
oracle / primavera_unifier	17.7	17.12.x
oracle / primavera_unifier	19.12	19.12.x
oracle / primavera_unifier	20.12	20.12.x
oracle / primavera_unifier	21.12	21.12.x
oracle / middleware_common_libraries_and_tools	12.2.1.4.0	12.2.1.4.0.x
oracle / middleware_common_libraries_and_tools	12.2.1.3.0	12.2.1.3.0.x
com.googlecode.owasp-java-html-sanitizer / owasp-java-html-sanitizer	-	20211018.1