Vulnerability CVE-2021-23648


Published: 2022-03-16

Description:
The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the sanitizeUrl function.

References:
https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882
https://github.com/braintree/sanitize-url/pull/40
https://github.com/braintree/sanitize-url/pull/40/commits/e5afda45d9833682b705f73fc2c1265d34832183
https://github.com/braintree/sanitize-url/blob/main/src/index.ts%23L11

Copyright 2026, cxsecurity.com

 
