GHSA-x95h-979x-cf3j

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-x95h-979x-cf3j/GHSA-x95h-979x-cf3j.json

Aliases

CVE-2021-42576 ( GO-2022-0588, PYSEC-2021-849 )
GO-2022-0588
PYSEC-2021-849

Published

2021-10-19T20:15:30Z

Modified

2023-04-11T01:48:14.097625Z

Details

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-42576
https://github.com/microcosm-cc/bluemonday/commit/c788a2a4d42e081ad54a31368478820bb4a42fb4
https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/
https://github.com/microcosm-cc/bluemonday
https://pkg.go.dev/vuln/GO-2022-0588

Affected packages

PyPI / pybluemonday

pybluemonday

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Fixed

0.0.8

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

Go / github.com/microcosm-cc/bluemonday

github.com/microcosm-cc/bluemonday

Affected ranges

Type: SEMVER
Events: Introduced

0

Fixed

1.0.16