{"uuid": "2f3fc7b5-d780-47fd-8d61-36725c33274d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-26539", "type": "seen", "source": "https://t.me/cibsecurity/23227", "content": "\u203c CVE-2021-26539 \u203c\n\nApostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the \"allowedIframeHostnames\" option.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-08T20:39:37.000000Z"}