PYSEC-2021-865

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/bleach/PYSEC-2021-865.yaml
Aliases
Published
2021-02-02T17:58:00Z
Modified
2023-11-08T04:05:14.166540Z
Details

In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False.

References

Affected packages

PyPI / bleach

Package

Name
bleach

Affected ranges

Type
GIT
Repo
https://github.com/mozilla/bleach
Events
Introduced
0 (The exact introduced commit is unknown)
Fixed
Type
ECOSYSTEM
Events
Introduced
0 (The exact introduced commit is unknown)
Fixed
3.3.0

Affected versions

0.*

0.1
0.1.1
0.1.2
0.2
0.2.1
0.2.2
0.3
0.3.1
0.3.3
0.3.4
0.5.0
0.5.1

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.2
1.2.1
1.2.2
1.4
1.4.1
1.4.2
1.4.3
1.5.0

2.*

2.0.0
2.1
2.1.1
2.1.2
2.1.3
2.1.4

3.*

3.0.0
3.0.1
3.0.2
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.2.0
3.2.1
3.2.2
3.2.3