Mozilla Bleach 3.1.2

CPE Details

Mozilla Bleach 3.1.2
mozilla
bleach
3.1.2
2020-03-25
17h37 +00:00
2020-03-25
17h37 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:mozilla:bleach:3.1.2:*:*:*:*:*:*:*

Informations

Vendor

mozilla

Product

bleach

Version

3.1.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-6817 2023-02-16 00h00 +00:00 bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).
7.5
High
CVE-2021-23980 2023-02-16 00h00 +00:00 A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
6.1
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.