{"url":"http://public2.vulnerablecode.io/api/packages/19842?format=json","purl":"pkg:pypi/bleach@3.2.2","type":"pypi","namespace":"","name":"bleach","version":"3.2.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.3.0","latest_non_vulnerable_version":"3.3.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35717?format=json","vulnerability_id":"VCID-u46t-y5xa-hkf4","summary":"In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False.","references":[{"reference_url":"https://advisory.checkmarx.net/advisory/CX-2021-4303","reference_id":"","reference_type":"","scores":[],"url":"https://advisory.checkmarx.net/advisory/CX-2021-4303"},{"reference_url":"https://github.com/mozilla/bleach/commit/79b7a3c5e56a09d1d323a5006afa59b56162eb13","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mozilla/bleach/commit/79b7a3c5e56a09d1d323a5006afa59b56162eb13"},{"reference_url":"https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19844?format=json","purl":"pkg:pypi/bleach@3.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bleach@3.3.0"}],"aliases":["CVE-2021-23980","GHSA-vv2x-vrpj-qqpq","PYSEC-2021-865"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u46t-y5xa-hkf4"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bleach@3.2.2"}