Mageia: MGASA-2021-0260 moderate: python-bleach xss Issue

June 16, 2021
Updated python-bleach packages for Mageia fix a mutation XSS vulnerability in bleach.clean that depends on which tags are allowed.

Summary

It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when all of the following hold: "svg" or "math" is in the allowed tags; "p" or "br" is in the allowed tags; "style", "title", "noscript", "script", "textarea", "noframes", "iframe", or "xmp" is in the allowed tags; and strip_comments=False is set (CVE-2021-23980).
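To find code that meets the conditions above, the following added example (not part of the Mageia or bleach advisories) statically audits Python source for bleach.clean calls whose arguments match every precondition. The function names, group labels and sample source are constructed for illustration; it assumes calls are spelled `bleach.clean(...)` with literal arguments, and that a call without `tags` uses bleach's default allow-list, which is assumed not to match.

```python
import ast

# Tag groups as listed in the advisory (group names are labels for this example).
FOREIGN = {"svg", "math"}
BLOCK = {"p", "br"}
RAW_TEXT = {"style", "title", "noscript", "script", "textarea",
            "noframes", "iframe", "xmp"}

# Constructed sample source to audit; line numbers start at "import bleach".
SAMPLE = '''\
import bleach
a = bleach.clean(html, tags=["p", "svg", "style"], strip_comments=False)
b = bleach.clean(html, tags=["p", "svg", "style"])
c = bleach.clean(html, tags=["p", "b", "em"], strip_comments=False)
d = bleach.clean(html, ["math", "br", "textarea"], strip_comments=False)
'''

def matches_advisory(tags, strip_comments):
    """True when a configuration meets every CVE-2021-23980 precondition."""
    tags = {t.lower() for t in tags if isinstance(t, str)}
    return (not strip_comments
            and all(tags & group for group in (FOREIGN, BLOCK, RAW_TEXT)))

def audit_source(source):
    """Return line numbers of bleach.clean(...) calls that match the advisory."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "clean"
                and isinstance(node.func.value, ast.Name)
                and node.func.value.id == "bleach"):
            continue
        kwargs = {kw.arg: kw.value for kw in node.keywords if kw.arg}
        # tags may be passed by keyword or as the second positional argument
        tags_node = kwargs.get("tags") or (node.args[1] if len(node.args) > 1 else None)
        if tags_node is None:
            continue  # default allow-list (assumed not to match)
        try:
            tags = ast.literal_eval(tags_node)
            strip = (ast.literal_eval(kwargs["strip_comments"])
                     if "strip_comments" in kwargs else True)  # bleach default
        except (ValueError, TypeError):
            continue  # non-literal argument: review this call by hand
        if matches_advisory(tags, strip):
            hits.append(node.lineno)
    return sorted(hits)
```

Calls whose `tags` or `strip_comments` come from variables are skipped rather than flagged, so a clean result does not cover them.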

References

- https://bugs.mageia.org/show_bug.cgi?id=28986

- https://lists.debian.org/debian-security-announce/2021/msg00073.html

- https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq

- https://www.cve.org/CVERecord?id=CVE-2021-23980

Resolution

SRPMS

- 7/core/python-bleach-3.1.4-1.1.mga7

- 8/core/python-bleach-3.3.0-1.mga8

Publication date: 16 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0260.html
Type: security
CVE: CVE-2021-23980