CVE-2021-29272

Опубликовано: 27 мар. 2021

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4.3

CVSS3: 6.1

Описание

bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needed
devel	not-affected	1.0.18-2
esm-apps/bionic	needed
esm-apps/jammy	needed
esm-apps/noble	not-affected	1.0.18-2
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
groovy	ignored	end of life
hirsute	ignored	end of life

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2021-29272

EPSS

Процентиль: 55%

0.00328

Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2021-29272

CVSS3: 5.9

redhat

почти 5 лет назад

bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.

CVE-2021-29272

CVSS3: 6.1

nvd

почти 5 лет назад

bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.

GHSA-3x58-xr87-2fcj

CVSS3: 6.1

github

больше 4 лет назад

Cross-site scripting in bluemonday

EPSS

Процентиль: 55%

0.00328

Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3

CVE-2021-29272

Описание

Пакет golang-github-microcosm-cc-bluemonday

Ссылки на источники

Связанные уязвимости