
FreeBSD: VID-3D19C776-68E7-11EA-91DB-0050562A4D7B: www/py-bleach -- multiple vulnerabilities

Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
2020-02-13
Added
2020-03-19
Modified
2025-02-19

Description

* ``bleach.clean`` behavior parsing embedded MathML and SVG content with RCDATA tags did not match browser behavior and could result in a mutation XSS.

  Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or ``svg`` tags and one or more of the RCDATA tags ``script``, ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or ``xmp`` in the allowed tags whitelist were vulnerable to a mutation XSS.

* ``bleach.clean`` behavior parsing ``noscript`` tags did not match browser behavior.

  Calls to ``bleach.clean`` allowing ``noscript`` and one or more of the raw text tags (``title``, ``textarea``, ``script``, ``style``, ``noembed``, ``noframes``, ``iframe``, and ``xmp``) were vulnerable to a mutation XSS.

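The two conditions above are purely a matter of which tags a caller puts in the ``bleach.clean`` allow-list (and, for the first one, whether ``strip=False``). The following helper, added here as an example and not taken from the advisory or from bleach itself, audits a proposed configuration against exactly those two combinations so a deployment can be checked before (or while) the package is upgraded. It does not import bleach; the function names ``audit_bleach_config`` and ``harden_tags`` and the sample allow-lists are constructed for this example.

```python
# Added example (not from the FreeBSD advisory or from bleach): audit a
# bleach.clean() allow-list for the two vulnerable tag combinations described
# above. Only the tag set and the strip flag are inspected, so this runs
# without bleach installed.

# RCDATA tags named in the first condition (math/svg + strip=False).
RCDATA_TAGS = frozenset(
    {"script", "noscript", "style", "noframes", "iframe", "noembed", "xmp"}
)
# Raw text tags named in the second condition (noscript + any of these).
RAW_TEXT_TAGS = frozenset(
    {"title", "textarea", "script", "style", "noembed", "noframes", "iframe", "xmp"}
)


def audit_bleach_config(tags, strip=False):
    """Return a list of findings; empty means neither condition matches.

    `strip=False` is bleach's default, which is why a caller who never set
    strip= still hits the first condition.
    """
    allowed = {t.lower() for t in tags}
    findings = []

    # Condition 1: strip=False, math or svg allowed, plus any RCDATA tag.
    if not strip and allowed & {"math", "svg"}:
        hit = sorted(allowed & RCDATA_TAGS)
        if hit:
            findings.append(
                "math/svg allowed with strip=False and RCDATA tag(s) %s: "
                "mutation XSS risk (embedded MathML/SVG parsing)" % ", ".join(hit)
            )

    # Condition 2: noscript allowed plus any raw text tag (strip is irrelevant).
    if "noscript" in allowed:
        hit = sorted(allowed & RAW_TEXT_TAGS)
        if hit:
            findings.append(
                "noscript allowed with raw text tag(s) %s: mutation XSS risk "
                "(noscript parsing)" % ", ".join(hit)
            )
    return findings


def harden_tags(tags):
    """Return a sorted copy of the allow-list with the tags that trigger
    either condition removed. This is an interim mitigation for a config
    that cannot be upgraded yet; the fix is the package upgrade listed
    under Solution(s)."""
    allowed = {t.lower() for t in tags}
    if allowed & {"math", "svg"}:
        allowed -= RCDATA_TAGS          # drops noscript as well
    if "noscript" in allowed:
        allowed -= RAW_TEXT_TAGS
        allowed.discard("noscript")
    return sorted(allowed)


if __name__ == "__main__":
    # Constructed sample allow-lists, not taken from any real deployment.
    sample = ["p", "a", "svg", "style", "noscript", "title"]
    for line in audit_bleach_config(sample):
        print("FINDING:", line)
    print("hardened allow-list:", harden_tags(sample))
```

The audit is deliberately conservative: it flags the combination whenever the named tags co-exist in the allow-list, regardless of what attributes or protocols are also permitted, because the advisory ties the defect to tag parsing alone.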

Solution(s)

freebsd-upgrade-package-py27-bleach
freebsd-upgrade-package-py35-bleach
freebsd-upgrade-package-py36-bleach
freebsd-upgrade-package-py37-bleach
freebsd-upgrade-package-py38-bleach
