
regular expression denial-of-service (ReDoS) in Bleach

Description

### Impact

The code path in `bleach.clean` that parses `style` attributes could result in a regular expression denial of service (ReDoS).

Calls to `bleach.clean` with an allowed tag that has `style` among its allowed attributes are vulnerable to ReDoS. For example, `bleach.clean(..., attributes={'a': ['style']})`.

### Patches

Fixed in 3.1.4.

### Workarounds

* do not whitelist the `style` attribute in `bleach.clean` calls
* limit input string length

### References

* https://bugzilla.mozilla.org/show_bug.cgi?id=1623633
* https://www.regular-expressions.info/redos.html
* https://blog.r2c.dev/posts/finding-python-redos-bugs-at-scale-using-dlint-and-r2c/
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6817

### Credits

* Reported by schwag09 of r2c

### For more information

If you have any questions or comments about this advisory:

* Open an issue at https://github.com/mozilla/bleach/issues
* Email us at security@mozilla.org
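The two workarounds above, enforced as a pre-check in front of the sanitizer. This is an added example, not Bleach project code; it assumes the `attributes` shapes `bleach.clean` accepts (a list of attribute names, a dict mapping tag to a list or callable, or a single callable) and takes the cleaner as a parameter so it runs without bleach installed. The `MAX_INPUT_LENGTH` value is an assumed cap.

```python
# Added example (not Bleach project code): apply the advisory workarounds
# before delegating to bleach.clean. Assumes bleach.clean's ``attributes``
# shapes: list of names, dict of tag -> list/callable, or a single callable.
from typing import Any, Callable, Dict, List, Union

AttrSpec = Union[List[str], Dict[str, Any], Callable[..., bool]]

MAX_INPUT_LENGTH = 10_000  # assumed cap; tune to the application's needs


def attributes_allow_style(attributes: AttrSpec) -> bool:
    """Return True if ``attributes`` could let a ``style`` attribute through.

    Callables cannot be inspected statically, so they are treated as
    potentially allowing ``style`` (conservative by design).
    """
    if callable(attributes):
        return True
    if isinstance(attributes, dict):
        for allowed in attributes.values():
            if callable(allowed) or "style" in allowed:
                return True
        return False
    return "style" in attributes


def guarded_clean(text: str, attributes: AttrSpec,
                  clean_fn: Callable[..., str],
                  max_length: int = MAX_INPUT_LENGTH) -> str:
    """Enforce both workarounds, then delegate to ``clean_fn``.

    ``clean_fn`` is meant to be ``bleach.clean``; it is passed in so the
    example runs without bleach installed. It receives ``attributes`` as a
    keyword argument, exactly as bleach.clean does.
    """
    if attributes_allow_style(attributes):
        raise ValueError("refusing to sanitize with 'style' whitelisted "
                         "(CVE-2020-6817 ReDoS on bleach < 3.1.4)")
    if len(text) > max_length:
        raise ValueError(f"input of {len(text)} chars exceeds {max_length}")
    return clean_fn(text, attributes=attributes)


if __name__ == "__main__":
    import bleach  # real use; the fix itself is to run bleach >= 3.1.4
    print(guarded_clean('<a href="x" style="color:red">hi</a>',
                        {"a": ["href"]}, bleach.clean))
```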


Affected Software


Name Version
bleach 0.1
bleach 0.1.1
bleach 0.1.2
bleach 0.2
bleach 0.2.1
bleach 0.2.2
bleach 0.3
bleach 0.3.1
bleach 0.3.3
bleach 0.3.4
bleach 0.5.0
bleach 0.5.1
bleach 1.0.0
bleach 1.0.1
bleach 1.0.2
bleach 1.0.3
bleach 1.0.4
bleach 1.1.0
bleach 1.1.1
bleach 1.1.2
bleach 1.1.3
bleach 1.1.4
bleach 1.1.5
bleach 1.2
bleach 1.2.1
bleach 1.2.2
bleach 1.4
bleach 1.4.1
bleach 1.4.2
bleach 1.4.3
bleach 1.5.0
bleach 2.0.0
bleach 2.1
bleach 2.1.1
bleach 2.1.2
bleach 2.1.3
bleach 2.1.4
bleach 3.0.0
bleach 3.0.1
bleach 3.0.2
bleach 3.1.0
bleach 3.1.1
bleach 3.1.2
bleach 3.1.3
