CVE-2021-23342: Cross-site Scripting

February 19, 2021 (updated February 25, 2021)

It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more //// characters

References

nvd.nist.gov/vuln/detail/CVE-2021-23342

Code Behaviors & Features

Detect and mitigate CVE-2021-23342 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →