15 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-6817
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bleach.clean behavior parsing style attributes could result in a regular expression denial of service ReDoS. Calls to bleach.clean with an allowed tag with an...
CVE-2020-6817
bleach.clean behavior parsing style attributes could result in a regular expression denial of service ReDoS. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean..., attributes='a': 'style'...
CVE-2020-6817
No description is available for this CVE...
Mageia: Security Advisory (MGASA-2020-0176)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for python-bleach (important)
openSUSE Security Update: Security update for python-bleach Announcement ID: openSUSE-SU-2021:0571-1 Rating: important References: 1167379 1168280 1184547 Cross-References: CVE-2020-6816 CVE-2020-6817 CVE-2021-23980 CVSS scores: CVE-2020-6816 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...
openSUSE: Security Advisory for python-bleach (openSUSE-SU-2021:0552-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : python-bleach (openSUSE-2021-552)
This update for python-bleach fixes the following issues : - CVE-2021-23980: Fixed mutation XSS on bleach.clean with specific combinations of allowed tags boo1184547 Update to 3.1.5 : - replace missing setuptools dependency with packaging. Thank you Benjamin Peterson. Update to 3.1.4 boo1168280,...
OPENSUSE-SU-2021:0552-1 Security update for python-bleach
This update for python-bleach fixes the following issues: - CVE-2021-23980: Fixed mutation XSS on bleach.clean with specific combinations of allowed tags boo1184547 Update to 3.1.5: replace missing setuptools dependency with packaging. Thank you Benjamin Peterson. Update to 3.1.4 boo1168280,...
Fedora 30 : python-bleach (2020-827b677e15)
Update to version 3.1.4, an upstream security release. See the upstream changelog for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...
Fedora: Security Advisory for python-bleach (FEDORA-2020-827b677e15)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 31 : python-bleach (2020-e1fa96c506)
Update to version 3.1.4, an upstream security release. See the upstream changelog for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...
FreeBSD : py-bleach -- regular expression denial-of-service (4c52ec3c-86f3-11ea-b5b4-641c67a117d8)
Bleach developers reports : bleach.clean behavior parsing style attributes could result in a regular expression denial of service ReDoS. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean..., attributes='a': 'style'. C...
[SECURITY] [DLA 2167-1] python-bleach security update
Package : python-bleach Version : 1.4-1+deb8u1 CVE ID : CVE-2020-6817 Debian Bug : 955388 A vulnerability was discovered in python-bleach, a whitelist-based HTML-sanitizing library. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to a regular expression...
adversarial-labeller (=0.1.8), alo7-airflow (>=1.10.0 <=1.10.0.7) +122 more potentially affected by CVE-2020-6817 via bleach (>=1.2.2 <=3.1.3)
bleach PYPI version =1.2.2, =1.10.0, =0.1.0, =0.0.6, =0.3.0, =0.0.9, =0.3.4, =0.0.5, =0.1.0rc1, =0.1.3, =0.0.1, =0.2.1, =0.4.3 - dbx-deploy =0.6.1 and more Source cves: CVE-2020-6817 Source advisory: OSV:GHSA-VQHP-CXGC-6WMM...
regular expression denial-of-service (ReDoS) in Bleach
Impact bleach.clean behavior parsing style attributes could result in a regular expression denial of service ReDoS. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean..., attributes='a': 'style'. Patches 3.1.4 Workarounds d...