CVE-2021-23445

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.1 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
snykCNA
3.1 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
datatablesdatatables.net
𝑥
< 1.11.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
datatables.js
bullseye
1.10.21+dfsg-2+deb11u1
fixed
stretch
no-dsa
sid
1.11.5+dfsg-2
fixed
trixie
1.11.5+dfsg-2
fixed
bookworm
1.11.5+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
datatables.js
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
impish
ignored
hirsute
ignored
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
dne
Common Weakness Enumeration
References
https://cdn.datatables.net/1.11.3/
https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html
https://security.netapp.com/advisory/ntap-20240621-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376
https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544
https://cdn.datatables.net/1.11.3/
https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html
https://security.netapp.com/advisory/ntap-20240621-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376
https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544