Vulnerability in Hackerone Html-janitor Node Module
CVE-2017-0928
The html-janitor node module suffers from an External Control of Critical State Data vulnerability: user control of the '_sanitized' variable causes sanitization to be bypassed.
EPSS: 0.002 (40.2th percentile)
Affected products
- Hackerone Html-janitor Node Module: all versions
Weakness classification (CWE)
References
- hackerone.com/reports/308158 (x_refsource_MISC)
- github.com/guardian/html-janitor/issues/35 (x_refsource_MISC)