CVE-2020-11888

Опубликовано: 20 апр. 2020

Источник: debian

EPSS Низкий

Описание

python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
python-markdown2	fixed	2.3.9-1		package
python-markdown2	fixed	2.3.7-2+deb10u1	buster	package

Примечания

https://github.com/trentm/python-markdown2/issues/348

EPSS

Процентиль: 70%

0.0065

Низкий

Связанные уязвимости

CVE-2020-11888

CVSS3: 6.1

ubuntu

почти 6 лет назад

python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.

CVE-2020-11888

CVSS3: 6.1

nvd

почти 6 лет назад

python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.

openSUSE-SU-2020:0651-1

suse-cvrf

больше 5 лет назад

Security update for python-markdown2

GHSA-fv3h-8x5j-pvgq

CVSS3: 6.1

github

почти 6 лет назад

XSS in python-markdown2

EPSS

Процентиль: 70%

0.0065

Низкий