Lucene search
UbuntuUSN-2217-1HistoryMay 21, 2014 - 12:00 a.m.
lxml vulnerability
2014-05-2100:00:00
ubuntu.com
34
6.2 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.013 Low
EPSS
Percentile
85.8%
Releases
- Ubuntu 14.04 ESM
- Ubuntu 13.10
- Ubuntu 12.04
Packages
- lxml - pythonic binding for the libxml2 and libxslt libraries
Details
It was discovered that the lxml.html.clean module incorrectly stripped
control characters. An attacked could potentially exploit this to conduct
cross-site scripting (XSS) attacks.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.04 | noarch | python-lxml | < 3.3.3-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | python-lxml-dbg | < 3.3.3-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | python3-lxml | < 3.3.3-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | python3-lxml-dbg | < 3.3.3-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 13.10 | noarch | python-lxml | < 3.2.0-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 13.10 | noarch | python-lxml-dbg | < 3.2.0-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 13.10 | noarch | python3-lxml | < 3.2.0-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 13.10 | noarch | python3-lxml-dbg | < 3.2.0-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | python-lxml | < 2.3.2-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | python-lxml-dbg | < 2.3.2-1ubuntu0.2 | UNKNOWN |
References
Related
openvas
openvas
Debian Security Advisory DSA 2941-1 (lxml - security update)
2014-06-01 00:00:00
Debian: Security Advisory (DSA-2941-1)
2014-05-31 00:00:00
Mageia: Security Advisory (MGASA-2014-0218)
2022-01-28 00:00:00
prion
prion
Cross site scripting
2014-05-14 19:55:00
Design/Logic Flaw
2018-12-02 10:29:00
osv
osv
lxml - security update
2014-06-01 00:00:00
PYSEC-2014-9
2014-05-14 19:55:00
lxml - security update
2014-06-26 00:00:00
debiancve
debiancve
CVE-2014-3146
2014-05-14 19:55:00
CVE-2018-19787
2018-12-02 10:29:00
nessus
nessus
Mandriva Linux Security Advisory : python-lxml (MDVSA-2015:112)
2015-03-30 00:00:00
openSUSE Security Update : python-lxml (openSUSE-SU-2014:0735-1)
2014-06-13 00:00:00
SuSE 11.3 Security Update : python-lxml (SAT Patch Number 9821)
2014-10-11 00:00:00
debian
debian
lxml security update
2014-06-26 17:10:22
lxml security update
2014-06-26 17:16:35
[SECURITY] [DSA 2941-1] lxml security update
2014-06-01 08:36:18
cve
cve
CVE-2014-3146
2014-05-14 19:55:00
CVE-2018-19787
2018-12-02 10:29:00
ubuntucve
ubuntucve
CVE-2014-3146
2014-05-14 00:00:00
CVE-2018-19787
2018-12-02 00:00:00
mageia
mageia
Updated python-lxml package fix CVE-2014-3146
2014-05-15 02:10:47
github
github
lxml Cross-site Scripting Via Control Characters
2022-05-14 04:01:59
Improper Neutralization of Input During Web Page Generation in LXML
2022-05-13 01:13:21
redhatcve
redhatcve
CVE-2018-19787
2018-12-17 23:08:11
securityvulns
securityvulns
6.2 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.013 Low
EPSS
Percentile
85.8%
Related for USN-2217-1