Several security issues were fixed in Bleach.
Software Description:
- python-bleach: An allowed-list-based HTML sanitizing library that escapes or strips markup and attributes
Details:
It was discovered that Bleach did not properly sanitize URI attributes
containing character entities. An attacker could possibly use this issue
to construct a URI with a disallowed scheme that would bypass
sanitization, leading to cross-site scripting. This issue only affected
Ubuntu 18.04 LTS. (CVE-2018-7753)
Yaniv Nizry discovered that Bleach was vulnerable to a mutation
cross-site scripting issue when sanitizing HTML with the noscript tag
and a raw tag in the allowed tags list. An attacker could possibly
use this issue to inject malicious content, leading to cross-site
scripting. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-6802)
Yaniv Nizry discovered that Bleach was vulnerable to a mutation
cross-site scripting issue when sanitizing HTML with RCDATA together
with svg or math tags in...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
python-bleach-doc 3.1.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-bleach 3.1.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
python-bleach 2.1.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
python-bleach-doc 2.1.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-bleach 2.1.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
python-bleach 1.4.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
python-bleach-doc 1.4.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-bleach 1.4.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-8077-1
CVE-2018-7753, CVE-2020-6802, CVE-2020-6816, CVE-2020-6817,
CVE-2021-23980