10 matches found
CVE-2024-34078
html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...
[SECURITY] [DLA 3856-1] python-html-sanitizer security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3856-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb August 26, 2024 https://wiki.debian.org/LTS -...
Debian dla-3856 : python3-html-sanitizer - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3856 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3856-1 [email protected] https://www.debian.org/lts/security/...
CVE-2024-34078
html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...
CVE-2024-34078
html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...
CVE-2024-34078
CVE-2024-34078 affects the html-sanitizer library. When keep_typographic_whitespace is false (default), Unicode is normalized to NFKC at the end, and some characters can normalize to chevrons, allowing specially crafted HTML to bypass sanitization. Exploitation could enable HTML injection within ...
CVE-2024-34078 html-sanitizer allows arbitrary HTML present after sanitization because of unicode normalization
html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...
CVE-2024-34078 html-sanitizer allows arbitrary HTML present after sanitization because of unicode normalization
html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...
CVE-2024-34078 html-sanitizer allows arbitrary HTML present after sanitization because of unicode normalization
html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...
acquisition-ruling-phrase (>=0.1.0 <=0.3.1), acquisition-sanitizer (>=0.1.0 <=0.4.1) +4 more potentially affected by CVE-2024-34078 via html-sanitizer (>=1.9.0 <=1.9.3)
html-sanitizer PYPI version =1.9.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.10.1 Source cves: CVE-2024-34078 Source advisory: OSV:GHSA-WVHX-Q427-FGH3...