GHSA-x95h-979x-cf3j

Source

https://github.com/advisories/GHSA-x95h-979x-cf3j

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-x95h-979x-cf3j/GHSA-x95h-979x-cf3j.json

Aliases

CVE-2021-42576
GO-2022-0588
PYSEC-2021-849

Published

2021-10-19T20:15:30Z

Modified

2024-02-17T05:24:52.849973Z

Details

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-42576
https://github.com/microcosm-cc/bluemonday/commit/c788a2a4d42e081ad54a31368478820bb4a42fb4
https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50
https://github.com/microcosm-cc/bluemonday
https://pkg.go.dev/vuln/GO-2022-0588

Affected packages

PyPI / pybluemonday

Package

Name: pybluemonday

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.0.8

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

Go / github.com/microcosm-cc/bluemonday

Package

Name: github.com/microcosm-cc/bluemonday

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.0.16