—

PYSEC-2021-865

Details

In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / bleach

Introduced in: 0 Fixed in: 79b7a3c5e56a09d1d323a5006afa59b56162eb13

Fix pip install --upgrade 'bleach>=79b7a3c5e56a09d1d323a5006afa59b56162eb13'

References

https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq [ADVISORY]
https://advisory.checkmarx.net/advisory/CX-2021-4303 [ADVISORY]
ttps://bugzilla.mozilla.org/show_bug.cgi?id=1689399 [REPORT]
https://github.com/mozilla/bleach/commit/79b7a3c5e56a09d1d323a5006afa59b56162eb13 [FIX]