PYSEC-2021-849

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pybluemonday/PYSEC-2021-849.yaml

Aliases

CVE-2021-42576
GHSA-x95h-979x-cf3j
GO-2022-0588

Published

2021-10-18T15:15:00Z

Modified

2023-11-08T04:07:06.825297Z

Details

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

References

https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/
https://pypi.org/project/pybluemonday
https://nvd.nist.gov/vuln/detail/CVE-2021-42576
https://github.com/advisories/GHSA-x95h-979x-cf3j

Affected packages

PyPI / pybluemonday

Package

Name: pybluemonday

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.0.8

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7