{"id":"CVE-2021-23445","details":"This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.","aliases":["GHSA-h73q-5wmj-q8pj"],"modified":"2026-05-30T17:17:55.333369Z","published":"2021-09-27T17:15:08.137Z","related":["SNYK-JAVA-ORGWEBJARSBOWER-1715371","SNYK-JAVA-ORGWEBJARSNPM-1715376","SNYK-JS-DATATABLESNET-1540544"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html"},{"type":"ADVISORY","url":"https://cdn.datatables.net/1.11.3/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240621-0006/"},{"type":"FIX","url":"https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b"},{"type":"EVIDENCE","url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371"},{"type":"EVIDENCE","url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376"},{"type":"EVIDENCE","url":"https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/datatables/datatablessrc","events":[{"introduced":"0"},{"fixed":"79772b97fe6d45af67057cc13fa6af3f00c873ea"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.11.3"}],"source":"CPE_RANGE","cpe":"cpe:2.3:a:datatables:datatables.net:*:*:*:*:*:node.js:*:*"}}],"versions":["1.11.2","1.11.1","1.11.0","1.10.25","1.7.0","1.0.1","1.10.23","1.10.22","1.10.21","1.10.20","1.10.16","1.10.15","1.10.14","1.10.13","1.10.12","1.10.11","1.10.10","1.10.9","1.10.8","1.10.7","1.10.6","1.10.5","1.10.4","1.10.3","1.10.2","1.10.1","1.10.0","1.10.0-rc.1","1.10.0-beta.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23445.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/datatables/dist-datatables","events":[{"introduced":"0"},{"fixed":"59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b"}],"database_specific":{"source":"REFERENCES"}}],"versions":["1.11.2","1.11.1","1.11.0","1.10.24","1.10.23","1.10.22","1.10.21","1.10.20","1.10.19","1.10.18","1.10.17","1.10.16","1.10.15","1.10.14","1.10.13","1.10.12","1.10.11","1.10.10","1.10.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23445.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}