vulnerability

FreeBSD: VID-3d19c776-68e7-11ea-91db-0050562a4d7b: www/py-bleach -- multiple vulnerabilities

Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: Mar 18, 2020
Added: Mar 19, 2020
Modified: Dec 10, 2025

Description

* ``bleach.clean`` behavior parsing embedded MathML and SVG content with RCDATA tags did not match browser behavior and could result in a mutation XSS. Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or ``svg`` tags and one or more of the RCDATA tags ``script``, ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or ``xmp`` in the allowed tags whitelist were vulnerable to a mutation XSS.
* ``bleach.clean`` behavior parsing ``noscript`` tags did not match browser behavior. Calls to ``bleach.clean`` allowing ``noscript`` and one or more of the raw text tags (``title``, ``textarea``, ``script``, ``style``, ``noembed``, ``noframes``, ``iframe``, and ``xmp``) were vulnerable to a mutation XSS.
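
To find call sites that fall into either affected shape, the following added example (not part of the advisory or of bleach itself) checks an allowed-tags list and ``strip`` setting against the two conditions described above. The function name, condition labels and sample configurations are assumptions made for illustration.

```python
# Added example: checks a bleach.clean() allow-list against the two
# conditions in the advisory text. Standard library only.

# Tag lists copied from the advisory description.
RCDATA_TAGS = frozenset(
    {"script", "noscript", "style", "noframes", "iframe", "noembed", "xmp"})
RAW_TEXT_TAGS = frozenset(
    {"title", "textarea", "script", "style", "noembed", "noframes", "iframe", "xmp"})
FOREIGN_TAGS = frozenset({"math", "svg"})


def advisory_findings(tags, strip=False):
    """Return (condition, offending_tags) pairs for one bleach.clean config.

    `strip` defaults to False, the same default bleach.clean uses.
    The condition names are labels made up for this example.
    """
    allowed = {t.strip().lower() for t in tags}
    findings = []

    # Condition 1: strip=False, math or svg allowed, plus any RCDATA tag.
    foreign = allowed & FOREIGN_TAGS
    rcdata = allowed & RCDATA_TAGS
    if not strip and foreign and rcdata:
        findings.append(("foreign-content-rcdata", sorted(foreign | rcdata)))

    # Condition 2: noscript allowed together with any raw text tag.
    raw_text = allowed & RAW_TEXT_TAGS
    if "noscript" in allowed and raw_text:
        findings.append(("noscript-raw-text", sorted(raw_text | {"noscript"})))

    return findings


# Constructed sample configurations (not taken from any real project).
SAMPLE_CONFIGS = {
    "comments": (["p", "a", "em", "strong"], False),
    "rich-editor": (["p", "svg", "style"], False),
    "rich-editor-stripping": (["p", "svg", "style"], True),
    "legacy-embed": (["div", "noscript", "textarea"], False),
    "everything": (["math", "noscript", "script"], False),
}

if __name__ == "__main__":
    for name, (tags, strip) in SAMPLE_CONFIGS.items():
        hits = advisory_findings(tags, strip=strip)
        print(f"{name}: {hits if hits else 'no advisory condition matched'}")
```

A match only means the configuration has the affected shape; the remedy remains upgrading the package as listed under Solutions.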

Solutions

* freebsd-upgrade-package-py27-bleach
* freebsd-upgrade-package-py35-bleach
* freebsd-upgrade-package-py36-bleach
* freebsd-upgrade-package-py37-bleach
* freebsd-upgrade-package-py38-bleach
