
CVE-2021-42575: Policies not properly enforced in OWASP Java HTML Sanitizer

CVSS Score: 9.8 (CVSS 3.1)

Basic Information

EPSS Score: 0.74312%
Published: 10/19/2021
Updated: 1/27/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
Ecosystem: maven
Vulnerable Versions: < 20211018.1
First Patched Version: 20211018.1

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stemmed from improper handling of <style> tag content within <option> elements. The writeCloseTag method in HtmlStreamRenderer.java was modified to add validation checks for dangerous CDATA sequences, indicating it was the primary vulnerable function. The pre-patch version directly appended user-controlled CDATA content without sanitization, making it the exploitation point for policy bypass attacks.


WAF Protection Rules

WAF Rule

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the `SELECT`, `STYLE`, and `OPTION` elements.
