CVE-2021-23445

EUVD-2021-2066
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.1 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
snykCNA
3.1 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
datatablesdatatables.net
𝑥
< 1.11.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
datatables.js
bookworm
1.11.5+dfsg-2
fixed
bullseye
1.10.21+dfsg-2+deb11u1
fixed
sid
1.11.5+dfsg-2
fixed
stretch
no-dsa
trixie
1.11.5+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
datatables.js
bionic
needs-triage
focal
needs-triage
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
dne
xenial
needs-triage
Common Weakness Enumeration
References
https://cdn.datatables.net/1.11.3/
https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html
https://security.netapp.com/advisory/ntap-20240621-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376
https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544
https://cdn.datatables.net/1.11.3/
https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html
https://security.netapp.com/advisory/ntap-20240621-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376
https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544