It was reported that python-bleach, a whitelist-based HTML-sanitizing
library, is prone to a mutation XSS vulnerability in bleach.clean when all of
the following hold: "svg" or "math" is in the allowed tags; "p" or "br" is in
the allowed tags; "style", "title", "noscript", "script", "textarea",
"noframes", "iframe", or "xmp" is in the allowed tags; and
"strip_comments=False" is set (CVE-2021-23980).
- https://bugs.mageia.org/show_bug.cgi?id=28986
- https://lists.debian.org/debian-security-announce/2021/msg00073.html
- https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq
- https://www.cve.org/CVERecord?id=CVE-2021-23980
- 7/core/python-bleach-3.1.4-1.1.mga7
- 8/core/python-bleach-3.3.0-1.mga8
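
To check whether existing code calls bleach.clean with the combination described above, the following added example (not part of the advisory or of bleach itself) statically scans Python source for matching calls. The names config_is_affected, find_affected_calls and SAMPLE are hypothetical; it only judges literal arguments on calls written as bleach.clean(...).

```python
import ast

# Tag groups named in the advisory; each must intersect the allowed tags
# and strip_comments must be False for the configuration to match.
FOREIGN = {"svg", "math"}
BREAKS = {"p", "br"}
RAW_TEXT = {"style", "title", "noscript", "script",
            "textarea", "noframes", "iframe", "xmp"}

def config_is_affected(tags, strip_comments):
    """True when allowed tags and strip_comments match the advisory's combination."""
    tags = {t.lower() for t in tags if isinstance(t, str)}
    return bool(tags & FOREIGN and tags & BREAKS and tags & RAW_TEXT
                and strip_comments is False)

def _literal(node):
    """Evaluate a literal AST node; None when the value is not a static literal."""
    try:
        return ast.literal_eval(node)
    except (ValueError, TypeError):
        return None

def find_affected_calls(source):
    """Line numbers of bleach.clean(...) calls whose literal arguments match."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        func = getattr(node, "func", None)
        if not (isinstance(node, ast.Call) and isinstance(func, ast.Attribute)
                and func.attr == "clean" and isinstance(func.value, ast.Name)
                and func.value.id == "bleach"):
            continue
        kw = {k.arg: _literal(k.value) for k in node.keywords}
        # tags is the second positional parameter of bleach.clean
        tags = kw.get("tags") or (_literal(node.args[1]) if len(node.args) > 1 else None)
        strip_comments = kw.get("strip_comments", True)  # library default is True
        if isinstance(tags, (list, tuple, set, frozenset)) and \
                config_is_affected(tags, strip_comments):
            hits.append(node.lineno)
    return sorted(hits)

# Constructed sample source, not taken from any real project.
SAMPLE = '''
import bleach
a = bleach.clean(html, tags=["svg", "p", "style"], strip_comments=False)
b = bleach.clean(html, tags=["svg", "p", "style"])
c = bleach.clean(html, tags=["b", "i"], strip_comments=False)
d = bleach.clean(html, ["math", "br", "title"], strip_comments=False)
'''
```

Calls whose tags or strip_comments come from variables are not flagged, because their values cannot be determined statically; review those by hand.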