PYSEC-2021-120

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pywb/PYSEC-2021-120.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2021-120

Aliases

Published

2021-08-18T18:15:00Z

Modified

2023-11-08T04:06:35.401095Z

Summary

[none]

Details

Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped.

References

Affected packages

PyPI / pywb

Package

Name: pywb; View open source insights on deps.dev
Purl: pkg:pypi/pywb

Affected ranges

Type: GIT
Repo: https://github.com/webrecorder/pywb
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f7bd84cdacdd665ff73ae8d09a202f60be2ebae9

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6.0

Affected versions

0.*

0.2.0

0.2.2

0.3.0

0.4.0

0.4.5

0.4.7

0.5.0

0.5.1

0.5.3

0.5.4

0.6.0

0.6.2

0.6.3

0.6.4

0.6.5

0.6.6

0.7.0

0.7.1

0.7.2

0.7.5

0.7.6

0.7.7

0.7.8

0.8.0

0.8.1

0.8.2

0.8.3

0.9.0b1

0.9.0

0.9.1

0.9.2

0.9.3

0.9.5

0.9.6

0.9.7

0.9.8

0.10.0

0.10.1

0.10.2

0.10.5

0.10.6

0.10.7

0.10.8

0.10.9

0.10.9.1

0.10.10

0.11.0

0.11.1

0.11.2

0.11.3

0.11.4

0.11.5

0.30.0

0.30.1

0.31.0

0.32.0

0.32.1

0.33.0

0.33.1

0.33.2

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.1.0

2.2.20190227

2.2.20190311

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.4.0

2.4.1

2.4.2

2.5.0

2.6.0b0

2.6.0b1

2.6.0b2

2.6.0b3

2.6.0b4

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/pywb/PYSEC-2021-120.yaml"