CVE-2021-42576

Опубликовано: 18 окт. 2021

Источник: debian

Описание

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
golang-github-microcosm-cc-bluemonday	fixed	1.0.16-1		package
golang-github-microcosm-cc-bluemonday	no-dsa		bullseye	package

Примечания

https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/

Связанные уязвимости

CVE-2021-42576

CVSS3: 9.8

ubuntu

больше 4 лет назад

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

CVE-2021-42576

CVSS3: 9.8

nvd

больше 4 лет назад

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

GHSA-x95h-979x-cf3j

CVSS3: 9.8

github

больше 4 лет назад

Policies not properly enforced in bluemonday