FreeBSD: VID-e97a8852-32dd-4291-ba4d-92711daff056: py-bleach -- unsanitized character entities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Jul 27, 2018 | Jul 28, 2018 | Dec 10, 2025 |
Description
bleach developer reports: Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized. This security issue was introduced in Bleach 2.1. Anyone using Bleach 2.1 is highly encouraged to upgrade.
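The class of flaw described above, as an added example that is not Bleach's code: a scheme allow-list applied to the raw attribute text misses a scheme whose characters are written as character entities, while decoding first catches it. The function names, the allow-list and the sample values are assumptions made for this illustration.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumed allow-list for this example
_SCHEME_RE = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.\-]*):")
_C0_AND_SPACE = "".join(map(chr, range(0x21)))  # U+0000..U+0020


def scheme_of(value):
    """Return the lower-cased URI scheme, or None when the text has no scheme."""
    match = _SCHEME_RE.match(value)
    return match.group(1).lower() if match else None


def naive_is_allowed(attr_value):
    """Flawed: checks the raw attribute text while entities are still encoded."""
    scheme = scheme_of(attr_value)
    return scheme is None or scheme in ALLOWED_SCHEMES


def hardened_is_allowed(attr_value):
    """Decode entities first, normalize as a browser would, then check the scheme."""
    decoded = html.unescape(attr_value)
    # URL parsers drop ASCII tab/newline anywhere and leading C0 control/space.
    normalized = re.sub(r"[\t\n\r]", "", decoded).lstrip(_C0_AND_SPACE)
    scheme = scheme_of(normalized)
    if scheme is not None:
        return scheme in ALLOWED_SCHEMES
    # No parsable scheme: accept only if no colon precedes the first / ? or #.
    return ":" not in re.split(r"[/?#]", normalized, maxsplit=1)[0]


# Constructed sample attribute values (not taken from the advisory).
SAMPLES = [
    "https://example.com/?a=1&amp;b=2",  # allowed scheme, entity in the query
    "/relative/path",                    # relative reference, no scheme
    "javascript&#58;void(0)",            # colon written as a decimal entity
    "&#106;avascript:void(0)",           # first letter written as an entity
    "jav&#x09;ascript:void(0)",          # entity-encoded tab inside the scheme
]


def compare(samples=SAMPLES):
    """Return (value, naive verdict, hardened verdict) for each sample."""
    return [(v, naive_is_allowed(v), hardened_is_allowed(v)) for v in samples]


if __name__ == "__main__":
    for value, naive, hardened in compare():
        print(f"{value!r:40} naive={naive!s:5} hardened={hardened}")
```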
Solutions
freebsd-upgrade-package-py27-bleach
freebsd-upgrade-package-py36-bleach