5 matches found

NVD
added 2024/05/06 3:15 p.m., 8 views

CVE-2024-34078

html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typographic_whitespace=False` (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

CVSS 6.1 | AI score 6.1 | EPSS 0.00551
Exploits 0 | References 3
OSV
added 2024/05/06 3:15 p.m., 0 views

UBUNTU-CVE-2024-34078

html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typographic_whitespace=False` (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

CVSS 6.1 | AI score 5.7 | EPSS 0.00551
Exploits 0 | References 4
Debian CVE
added 2024/05/06 2:48 p.m., 13 views

CVE-2024-34078

html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typographic_whitespace=False` (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

CVSS 6.1 | AI score 6 | EPSS 0.00551
Exploits 0
Cvelist
added 2024/05/06 2:48 p.m., 17 views

CVE-2024-34078: html-sanitizer allows arbitrary HTML present after sanitization because of unicode normalization

html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typographic_whitespace=False` (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

CVSS 6.1 | AI score 6.3 | EPSS 0.00551
Exploits 0 | References 2
Tenable Nessus
added 2019/04/08 12:0 a.m., 10 views

Fedora 29 : glpi (2019-a66789a334)

Add security fix backported from 9.4:
- security Bad chevrons rendering on dropdowns 5468
- security Iframe and forms are rendered in rich text contents 5519
- security Type juggling authentication bypass 5520
- security Malicious images upload 5580
- security Password token date was not reset...

AI score 5.5
Exploits 0 | References 1