Описание
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).
Ссылки
- ExploitIssue Tracking
- Vendor Advisory
- ExploitIssue Tracking
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.1.4 (исключая)
cpe:2.3:a:mozilla:bleach:*:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00178
Низкий
7.5 High
CVSS3
Дефекты
CWE-1333
CWE-1333
Связанные уязвимости
CVSS3: 7.5
ubuntu
почти 3 года назад
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).
CVSS3: 7.5
debian
почти 3 года назад
bleach.clean behavior parsing style attributes could result in a regul ...
CVSS3: 7.5
github
почти 6 лет назад
regular expression denial-of-service (ReDoS) in Bleach
EPSS
Процентиль: 40%
0.00178
Низкий
7.5 High
CVSS3
Дефекты
CWE-1333
CWE-1333