CVE-2021-43818

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-43818
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43818.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-43818
Published
2021-12-13T18:15:08Z
Modified
2024-09-18T03:16:50.520439Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Summary
[none]
Details

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security-relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.

Affected packages

Alpine:v3.16 / py3-lxml

Package

Name
py3-lxml
Purl
pkg:apk/alpine/py3-lxml?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
4.6.5-r0

Affected versions

2.*

2.2.6-r0
2.2.8-r0
2.2.8-r1
2.3.4-r1
2.3.5-r0

3.*

3.1.0-r0
3.2.3-r0
3.3.2-r0
3.4.0-r0
3.4.4-r0
3.5.0-r0
3.6.0-r0
3.6.0-r1
3.6.4-r0
3.7.1-r0
3.7.2-r0
3.7.2-r1
3.8.0-r0

4.*

4.0.0-r0
4.1.0-r0
4.1.0-r1
4.1.1-r0
4.2.0-r0
4.2.1-r0
4.2.2-r0
4.2.3-r0
4.2.4-r0
4.2.5-r0
4.3.2-r0
4.3.3-r0
4.3.3-r1
4.3.4-r0
4.4.0-r0
4.4.1-r0
4.4.1-r1
4.4.1-r2
4.4.1-r3
4.4.2-r0
4.4.3-r0
4.5.0-r0
4.5.1-r0
4.5.2-r0
4.6.0-r0
4.6.1-r0
4.6.2-r0
4.6.3-r0
4.6.3-r1
4.6.4-r0

Alpine:v3.17 / py3-lxml

Package

Name
py3-lxml
Purl
pkg:apk/alpine/py3-lxml?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
4.6.5-r0

Affected versions

2.*

2.2.6-r0
2.2.8-r0
2.2.8-r1
2.3.4-r1
2.3.5-r0

3.*

3.1.0-r0
3.2.3-r0
3.3.2-r0
3.4.0-r0
3.4.4-r0
3.5.0-r0
3.6.0-r0
3.6.0-r1
3.6.4-r0
3.7.1-r0
3.7.2-r0
3.7.2-r1
3.8.0-r0

4.*

4.0.0-r0
4.1.0-r0
4.1.0-r1
4.1.1-r0
4.2.0-r0
4.2.1-r0
4.2.2-r0
4.2.3-r0
4.2.4-r0
4.2.5-r0
4.3.2-r0
4.3.3-r0
4.3.3-r1
4.3.4-r0
4.4.0-r0
4.4.1-r0
4.4.1-r1
4.4.1-r2
4.4.1-r3
4.4.2-r0
4.4.3-r0
4.5.0-r0
4.5.1-r0
4.5.2-r0
4.6.0-r0
4.6.1-r0
4.6.2-r0
4.6.3-r0
4.6.3-r1
4.6.4-r0

Alpine:v3.18 / py3-lxml

Package

Name
py3-lxml
Purl
pkg:apk/alpine/py3-lxml?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
4.6.5-r0

Affected versions

2.*

2.2.6-r0
2.2.8-r0
2.2.8-r1
2.3.4-r1
2.3.5-r0

3.*

3.1.0-r0
3.2.3-r0
3.3.2-r0
3.4.0-r0
3.4.4-r0
3.5.0-r0
3.6.0-r0
3.6.0-r1
3.6.4-r0
3.7.1-r0
3.7.2-r0
3.7.2-r1
3.8.0-r0

4.*

4.0.0-r0
4.1.0-r0
4.1.0-r1
4.1.1-r0
4.2.0-r0
4.2.1-r0
4.2.2-r0
4.2.3-r0
4.2.4-r0
4.2.5-r0
4.3.2-r0
4.3.3-r0
4.3.3-r1
4.3.4-r0
4.4.0-r0
4.4.1-r0
4.4.1-r1
4.4.1-r2
4.4.1-r3
4.4.2-r0
4.4.3-r0
4.5.0-r0
4.5.1-r0
4.5.2-r0
4.6.0-r0
4.6.1-r0
4.6.2-r0
4.6.3-r0
4.6.3-r1
4.6.4-r0

Alpine:v3.19 / py3-lxml

Package

Name
py3-lxml
Purl
pkg:apk/alpine/py3-lxml?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
4.6.5-r0

Affected versions

2.*

2.2.6-r0
2.2.8-r0
2.2.8-r1
2.3.4-r1
2.3.5-r0

3.*

3.1.0-r0
3.2.3-r0
3.3.2-r0
3.4.0-r0
3.4.4-r0
3.5.0-r0
3.6.0-r0
3.6.0-r1
3.6.4-r0
3.7.1-r0
3.7.2-r0
3.7.2-r1
3.8.0-r0

4.*

4.0.0-r0
4.1.0-r0
4.1.0-r1
4.1.1-r0
4.2.0-r0
4.2.1-r0
4.2.2-r0
4.2.3-r0
4.2.4-r0
4.2.5-r0
4.3.2-r0
4.3.3-r0
4.3.3-r1
4.3.4-r0
4.4.0-r0
4.4.1-r0
4.4.1-r1
4.4.1-r2
4.4.1-r3
4.4.2-r0
4.4.3-r0
4.5.0-r0
4.5.1-r0
4.5.2-r0
4.6.0-r0
4.6.1-r0
4.6.2-r0
4.6.3-r0
4.6.3-r1
4.6.4-r0

Alpine:v3.20 / py3-lxml

Package

Name
py3-lxml
Purl
pkg:apk/alpine/py3-lxml?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
4.6.5-r0

Affected versions

2.*

2.2.6-r0
2.2.8-r0
2.2.8-r1
2.3.4-r1
2.3.5-r0

3.*

3.1.0-r0
3.2.3-r0
3.3.2-r0
3.4.0-r0
3.4.4-r0
3.5.0-r0
3.6.0-r0
3.6.0-r1
3.6.4-r0
3.7.1-r0
3.7.2-r0
3.7.2-r1
3.8.0-r0

4.*

4.0.0-r0
4.1.0-r0
4.1.0-r1
4.1.1-r0
4.2.0-r0
4.2.1-r0
4.2.2-r0
4.2.3-r0
4.2.4-r0
4.2.5-r0
4.3.2-r0
4.3.3-r0
4.3.3-r1
4.3.4-r0
4.4.0-r0
4.4.1-r0
4.4.1-r1
4.4.1-r2
4.4.1-r3
4.4.2-r0
4.4.3-r0
4.5.0-r0
4.5.1-r0
4.5.2-r0
4.6.0-r0
4.6.1-r0
4.6.2-r0
4.6.3-r0
4.6.3-r1
4.6.4-r0

Debian:11 / lxml

Package

Name
lxml
Purl
pkg:deb/debian/lxml?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
4.6.3+dfsg-0.1+deb11u1

Affected versions

4.*

4.6.3+dfsg-0.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / lxml

Package

Name
lxml
Purl
pkg:deb/debian/lxml?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
4.7.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / lxml

Package

Name
lxml
Purl
pkg:deb/debian/lxml?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
4.7.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/lxml/lxml

Affected ranges

Type
GIT
Repo
https://github.com/lxml/lxml
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed

Affected versions

lxml-0.*

lxml-0.5.1
lxml-0.6
lxml-0.7
lxml-0.9

lxml-1.*

lxml-1.0
lxml-1.0.beta
lxml-1.1
lxml-1.1alpha
lxml-1.1beta
lxml-1.2

lxml-2.*

lxml-2.0
lxml-2.0.1
lxml-2.0alpha1
lxml-2.0alpha2
lxml-2.0alpha3
lxml-2.0alpha4
lxml-2.0alpha5
lxml-2.0alpha6
lxml-2.0beta1
lxml-2.0beta2
lxml-2.1
lxml-2.1alpha1
lxml-2.1beta1
lxml-2.1beta2
lxml-2.1beta3
lxml-2.2
lxml-2.2.1
lxml-2.2.2
lxml-2.3
lxml-2.3.1
lxml-2.3.2
lxml-2.3.3
lxml-2.3.4
lxml-2.3.5
lxml-2.3.6
lxml-2.3alpha1
lxml-2.3alpha2
lxml-2.3beta1

lxml-3.*

lxml-3.0
lxml-3.0.1
lxml-3.0.2
lxml-3.0alpha1
lxml-3.0alpha2
lxml-3.0beta1
lxml-3.1.0
lxml-3.1.1
lxml-3.1.2
lxml-3.1beta1
lxml-3.2.0
lxml-3.2.1
lxml-3.2.2
lxml-3.2.3
lxml-3.2.4
lxml-3.2.5
lxml-3.3.0
lxml-3.3.0beta1
lxml-3.3.0beta2
lxml-3.3.0beta3
lxml-3.3.0beta4
lxml-3.3.0beta5
lxml-3.3.1
lxml-3.3.2
lxml-3.3.3
lxml-3.3.4
lxml-3.3.5
lxml-3.3.6
lxml-3.4.0
lxml-3.4.0beta1
lxml-3.4.1
lxml-3.4.2
lxml-3.4.3
lxml-3.4.4
lxml-3.5.0
lxml-3.5.0b1
lxml-3.6.0
lxml-3.6.1
lxml-3.6.2
lxml-3.6.3
lxml-3.6.4
lxml-3.7.0
lxml-3.7.1
lxml-3.7.2
lxml-3.8.0
lxml-3.8.0-py27fix

lxml-4.*

lxml-4.0.0
lxml-4.1.0
lxml-4.1.1
lxml-4.2.0
lxml-4.2.1
lxml-4.2.2
lxml-4.2.3
lxml-4.2.3-win
lxml-4.2.4
lxml-4.2.5
lxml-4.2.6
lxml-4.2.6-win1
lxml-4.3.0
lxml-4.3.1
lxml-4.3.2
lxml-4.3.3
lxml-4.3.4
lxml-4.3.5
lxml-4.4.0
lxml-4.4.1
lxml-4.4.2
lxml-4.4.3
lxml-4.5.0
lxml-4.5.1
lxml-4.5.2
lxml-4.6.0
lxml-4.6.1
lxml-4.6.2
lxml-4.6.3
lxml-4.6.4
lxml-4.6.4-1
lxml-4.6.4-2
lxml-4.6.4-3
lxml-4.6.4-4
lxml-4.6.4-5