CVE-2021-23445 - Vulnerability Details

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Datatables	Datatables.net
Redhat	Jboss Enterprise Application Platform

Configuration 1 [-]

cpe:2.3:a:datatables:datatables.net:*:*:*:*:*:node.js:*:*

Package	CPE	Advisory	Released Date
Red Hat JBoss Enterprise Application Platform 7
datatables.net	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2024:3563	2024-06-03T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:3560	2024-06-03T00:00:00Z
eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:3560	2024-06-03T00:00:00Z
eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:3560	2024-06-03T00:00:00Z
eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:3560	2024-06-03T00:00:00Z
eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:3560	2024-06-03T00:00:00Z
eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:3560	2024-06-03T00:00:00Z
eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:3560	2024-06-03T00:00:00Z
eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:3560	2024-06-03T00:00:00Z
eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:3560	2024-06-03T00:00:00Z
eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:3560	2024-06-03T00:00:00Z
eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:3560	2024-06-03T00:00:00Z
eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:3560	2024-06-03T00:00:00Z
eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:3560	2024-06-03T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:3560	2024-06-03T00:00:00Z
eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:3560	2024-06-03T00:00:00Z
eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:3560	2024-06-03T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:3561	2024-06-03T00:00:00Z
eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:3561	2024-06-03T00:00:00Z
eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:3561	2024-06-03T00:00:00Z
eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:3561	2024-06-03T00:00:00Z
eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:3561	2024-06-03T00:00:00Z
eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:3561	2024-06-03T00:00:00Z
eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:3561	2024-06-03T00:00:00Z
eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:3561	2024-06-03T00:00:00Z
eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:3561	2024-06-03T00:00:00Z
eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:3561	2024-06-03T00:00:00Z
eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:3561	2024-06-03T00:00:00Z
eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:3561	2024-06-03T00:00:00Z
eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:3561	2024-06-03T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:3561	2024-06-03T00:00:00Z
eap7-wss4j-0:2.4.3-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:3561	2024-06-03T00:00:00Z
eap7-xml-security-0:2.3.4-1.redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:3561	2024-06-03T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2024:3559	2024-06-03T00:00:00Z

References

Link	Providers
https://cdn.datatables.net/1.11.3/
https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html
https://nvd.nist.gov/vuln/detail/CVE-2021-23445
https://security.netapp.com/advisory/ntap-20240621-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376
https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544
https://www.cve.org/CVERecord?id=CVE-2021-23445

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00449}`	epss `{'score': 0.00461}`

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2021-09-27T16:35:18.234764Z

Updated: 2024-09-16T18:39:20.468Z

Reserved: 2021-01-08T00:00:00

Link: CVE-2021-23445

Vulnrichment

Updated: 2024-08-03T19:05:55.898Z

NVD

Status : Modified

Published: 2021-09-27T17:15:08.137

Modified: 2024-11-21T05:51:46.320

Link: CVE-2021-23445

Redhat

Severity : Moderate

Publid Date: 2021-09-27T00:00:00Z

Links: CVE-2021-23445 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object