—

PYSEC-2020-28

상세

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / bleach

최초 영향 버전: 0 수정 버전: 3.1.2

수정 pip install --upgrade 'bleach>=3.1.2'

참고

https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 [ADVISORY]
https://www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleach [ARTICLE]
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EDQU2SZLZMSSACCBUBJ6NOSRNNBDYFW5/ [WEB]
https://advisory.checkmarx.net/advisory/CX-2020-4277 [ADVISORY]