Search for packages
| purl | pkg:pypi/bleach@2.1.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7ae6-tssy-h7h4
Aliases: CVE-2018-7753 GHSA-m9mq-p2f9-cfqv PYSEC-2018-51 |
An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized. |
Affected by 4 other vulnerabilities. |
|
VCID-92h1-h2vh-xyb6
Aliases: CVE-2020-6802 GHSA-q65m-pv3f-wr5r PYSEC-2020-27 |
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. |
Affected by 3 other vulnerabilities. |
|
VCID-cthk-b1bv-xfbk
Aliases: CVE-2020-6816 GHSA-m6xf-fq7q-8743 PYSEC-2020-28 |
In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. |
Affected by 2 other vulnerabilities. |
|
VCID-kxh2-721e-tyh2
Aliases: CVE-2020-6817 GHSA-vqhp-cxgc-6wmm GMS-2020-698 PYSEC-2020-340 SNYK-PYTHON-BLEACH-561754 |
In Mozilla Bleach before 3.1.4, `bleach.clean` behavior parsing style attributes could result in a regular expression denial of service (ReDoS). |
Affected by 1 other vulnerability. |
|
VCID-mqaz-y2xw-sya2
Aliases: CVE-2021-23980 GHSA-vv2x-vrpj-qqpq GMS-2021-168 PYSEC-2021-865 |
In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||