CVE-2021-26539: Origin Validation Error

February 8, 2021 (updated April 26, 2022)

sanitize-html does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass the hostname allowlist validation set by the allowedIframeHostnames option.

References

nvd.nist.gov/vuln/detail/CVE-2021-26539

Code Behaviors & Features

Detect and mitigate CVE-2021-26539 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →