vulnerability

FreeBSD: VID-4c52ec3c-86f3-11ea-b5b4-641c67a117d8 (CVE-2020-6817): py-bleach -- regular expression denial-of-service

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Apr 26, 2020	Apr 27, 2020	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Apr 26, 2020

Added

Apr 27, 2020

Modified

Dec 10, 2025

Description

Bleach developers reports: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Solutions

freebsd-upgrade-package-py27-bleachfreebsd-upgrade-package-py35-bleachfreebsd-upgrade-package-py36-bleachfreebsd-upgrade-package-py37-bleachfreebsd-upgrade-package-py38-bleach

References

CVE-2020-6817
https://attackerkb.com/topics/CVE-2020-6817
CWE-1333

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today