CVE-2021-42576

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-42576
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42576.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-42576
Aliases
Related
Published
2021-10-18T15:15:07Z
Modified
2024-09-18T03:16:39.554977Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

References

Affected packages

Debian:11 / golang-github-microcosm-cc-bluemonday

Package

Name
golang-github-microcosm-cc-bluemonday
Purl
pkg:deb/debian/golang-github-microcosm-cc-bluemonday?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.2-4
1.0.6-1
1.0.16-1~bpo11+1
1.0.16-1
1.0.18-1
1.0.18-2
1.0.20-1~bpo11+1
1.0.20-1~bpo11+2
1.0.20-1
1.0.24-1
1.0.26-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / golang-github-microcosm-cc-bluemonday

Package

Name
golang-github-microcosm-cc-bluemonday
Purl
pkg:deb/debian/golang-github-microcosm-cc-bluemonday?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.16-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / golang-github-microcosm-cc-bluemonday

Package

Name
golang-github-microcosm-cc-bluemonday
Purl
pkg:deb/debian/golang-github-microcosm-cc-bluemonday?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.16-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}