Lucene search
+L

10 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:6 a.m.9 views

CVE-2024-34078

html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

6.1CVSS6.4AI score0.00551EPSS
Exploits0References1
Debian
Debian
added 2024/08/26 3:55 p.m.61 views

[SECURITY] [DLA 3856-1] python-html-sanitizer security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3856-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb August 26, 2024 https://wiki.debian.org/LTS -...

6.1CVSS6.5AI score0.00551EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/08/26 12:0 a.m.12 views

Debian dla-3856 : python3-html-sanitizer - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3856 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3856-1 [email protected] https://www.debian.org/lts/security/...

6.1CVSS6.3AI score0.00551EPSS
Exploits0References4
NVD
NVD
added 2024/05/06 3:15 p.m.25 views

CVE-2024-34078

html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

6.1CVSS6.1AI score0.00551EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/05/06 3:15 p.m.32 views

CVE-2024-34078

html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

6.1CVSS6.2AI score0.00551EPSS
Exploits0References4
CVE
CVE
added 2024/05/06 2:48 p.m.76 views

CVE-2024-34078

CVE-2024-34078 affects the html-sanitizer library. When keep_typographic_whitespace is false (default), Unicode is normalized to NFKC at the end, and some characters can normalize to chevrons, allowing specially crafted HTML to bypass sanitization. Exploitation could enable HTML injection within ...

6.1CVSS6.2AI score0.00551EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/06 2:48 p.m.19 views

CVE-2024-34078 html-sanitizer allows arbitrary HTML present after sanitization because of unicode normalization

html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

6.1CVSS6.5AI score0.00551EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/06 2:48 p.m.39 views

CVE-2024-34078 html-sanitizer allows arbitrary HTML present after sanitization because of unicode normalization

html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

6.1CVSS6.3AI score0.00551EPSS
Exploits0References2
OSV
OSV
added 2024/05/06 2:48 p.m.25 views

CVE-2024-34078 html-sanitizer allows arbitrary HTML present after sanitization because of unicode normalization

html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

6.1CVSS6.1AI score0.00551EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2024/05/06 2:33 p.m.8 views

acquisition-ruling-phrase (>=0.1.0 <=0.3.1), acquisition-sanitizer (>=0.1.0 <=0.4.1) +4 more potentially affected by CVE-2024-34078 via html-sanitizer (>=1.9.0 <=1.9.3)

html-sanitizer PYPI version =1.9.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.10.1 Source cves: CVE-2024-34078 Source advisory: OSV:GHSA-WVHX-Q427-FGH3...

6.1CVSS6.3AI score0.00551EPSS
Exploits0
Rows per page
Query Builder