CVE-2021-23899: Arbitrary code injection in json-sanitizer

Severity: Critical

CVSS Score: 9.8

OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.