Vulnerabilities > Apostrophecms > Sanitize Html > 2.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-24 | CVE-2024-21501 | Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). | 5.3 |
| 2022-08-30 | CVE-2022-25887 | Unspecified vulnerability in Apostrophecms Sanitize-Html The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal. | 7.5 |