What the vulnerability does

01Description

html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.

Key dates

02Disclosure timeline

June 4, 2018 CVE published
September 17, 2024 Record updated