An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.
{
"source": [
"CPE_STRING",
"REFERENCES"
],
"cpe": [
"cpe:2.3:a:mozilla:bleach:2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mozilla:bleach:2.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mozilla:bleach:2.1.2:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "2.1"
},
{
"last_affected": "2.1"
},
{
"introduced": "2.1.1"
},
{
"last_affected": "2.1.1"
},
{
"introduced": "2.1.2"
},
{
"last_affected": "2.1.2"
}
]
}