What is CVE-2021-3377?

CVE-2021-3377 is a vulnerability in N/a. Published 2021-03-05.

Is CVE-2021-3377 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-3377

The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerabil…

EPSS: 0.592 (98.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates

References

doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf (x_refsource_MISC)
github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-3377?: CVE-2021-3377 is a vulnerability in N/a. Published 2021-03-05.
Is CVE-2021-3377 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.