CVE-2021-42576

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-42576

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42576.json

Aliases

GHSA-x95h-979x-cf3j
GO-2022-0588
PYSEC-2021-849

Published

2021-10-18T15:15:07Z

Modified

2023-11-29T09:04:59.396138Z

Details

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

References

https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/

Affected packages

Git / github.com/microcosm-cc/bluemonday

Affected ranges

Type: GIT
Repo: https://github.com/microcosm-cc/bluemonday
Events: Introduced

0The exact introduced commit is unknown

Fixed

c788a2a4d42e081ad54a31368478820bb4a42fb4

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.10

v1.0.11

v1.0.12

v1.0.13

v1.0.14

v1.0.15

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9