PYSEC-2020-340
Details
In Mozilla Bleach before 3.1.4, the way `bleach.clean` parses style attributes could result in a regular expression denial of service (ReDoS).
Affected packages
References
- https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm [ADVISORY]
- https://blog.r2c.dev/posts/finding-python-redos-bugs-at-scale-using-dlint-and-r2c/ [ARTICLE]
- https://bugzilla.mozilla.org/show_bug.cgi?id=1623633 [REPORT]
- https://github.com/mozilla/bleach/releases/tag/v3.1.4 [WEB]
- https://snyk.io/vuln/SNYK-PYTHON-BLEACH-561754 [ADVISORY]