CVE-2024-34078

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-34078

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34078.json

Aliases

GHSA-wvhx-q427-fgh3

Published

2024-05-06T15:15:24Z

Modified

2024-05-14T13:11:15.162621Z

Summary

[none]

Details

html-sanitizer is an allowlist-based HTML cleaner. If using keep_typographic_whitespace=False (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has been fixed in 2.4.2.

References

Affected packages

Git / github.com/matthiask/html-sanitizer

Affected ranges

Type: GIT
Repo: https://github.com/matthiask/html-sanitizer
Events: Introduced

0The exact introduced commit is unknown

Fixed

48db42fc5143d0140c32d929c46b802f96913550

Affected versions

1.*

1.0

1.1

1.1.2

1.1.3

1.1.4

1.2

1.2.1

1.3

1.4

1.5

1.6

1.6.1

1.6.2

1.6.3

1.6.4

1.7

1.7.1

1.7.2

1.7.3

1.8

1.9

1.9.1

1.9.2

1.9.3

2.*

2.0

2.1

2.2

2.3

2.3.1

2.4

2.4.1