External Control of Critical State Data in html-janitor Node Module: Bypassing Sanitization via User-Controlled '_sanitized' Variable

CVE-2017-0928 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.

Learn more about our External Network Penetration Testing.