
py-bleach -- regular expression denial-of-service

Description

Bleach developers report: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).
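To find the call pattern described above in your own code, the following added example (not part of the advisory or of Bleach) walks a Python source file's AST and reports bleach.clean calls whose attributes argument allows style. The function names and the sample source are constructed for illustration, and it assumes attributes is passed by keyword or as the third positional argument.

```python
import ast

def _allows_style(node):
    """True/False for a literal attribute spec, None if only known at runtime."""
    try:
        value = ast.literal_eval(node)
    except (ValueError, TypeError, SyntaxError):
        return None  # variable, callable, etc.: cannot be decided statically
    # dict form maps tag -> attribute list; list form applies to every tag
    lists = value.values() if isinstance(value, dict) else [value]
    return any("style" in a for a in lists if isinstance(a, (list, tuple, set)))

def _is_bleach_clean(func):
    # Matches bleach.clean(...) and a bare clean(...) (from bleach import clean).
    if isinstance(func, ast.Attribute):
        return (func.attr == "clean" and isinstance(func.value, ast.Name)
                and func.value.id == "bleach")
    return isinstance(func, ast.Name) and func.id == "clean"

def find_style_allowing_calls(source, filename="<src>"):
    """Return sorted (line, verdict) pairs for calls that allow or may allow style."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call) and _is_bleach_clean(node.func)):
            continue
        spec = next((k.value for k in node.keywords if k.arg == "attributes"), None)
        if spec is None and len(node.args) >= 3:
            spec = node.args[2]  # clean(text, tags, attributes, ...)
        if spec is None:
            continue  # no attributes passed: not the pattern the advisory names
        verdict = _allows_style(spec)
        if verdict is not False:
            findings.append((node.lineno,
                             "style allowed" if verdict else "review manually"))
    return sorted(findings)

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
import bleach
a = bleach.clean(html, tags=["a"], attributes={"a": ["style"]})
b = bleach.clean(html, tags=["a"], attributes={"a": ["href", "title"]})
c = bleach.clean(html, ["p"], ["style", "class"])
d = bleach.clean(html, attributes=allowed_attrs)
'''

if __name__ == "__main__":
    for line, verdict in find_style_allowing_calls(SAMPLE):
        print(f"line {line}: {verdict}")
```

Call sites reported as "review manually" build their attribute list at runtime, so check by hand whether style can end up in it.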


Affected Package


OS      | OS Version | Package Name | Package Version
FreeBSD | any        | py27-bleach  | 3.1.4
FreeBSD | any        | py35-bleach  | 3.1.4
FreeBSD | any        | py36-bleach  | 3.1.4
FreeBSD | any        | py37-bleach  | 3.1.4
FreeBSD | any        | py38-bleach  | 3.1.4
