ALT-PU-2018-3701-1

Обновление пакета python-module-bleach в ветке sisyphus

Версия2.1.3-alt1

Задание#208172

Опубликовано2018-06-09

Макс. серьёзностьCRITICAL

Серьёзность:

Закрытые проблемы (2)

CRITICAL9.8

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.

Опубликовано: 2018-03-07Изменено: 2024-11-21

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xКРИТИЧЕСКАЯ 9.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ссылки

GHSA-m9mq-p2f9-cfqv

CRITICAL9.3

Bleach URI Scheme Restriction Bypass

Опубликовано: 2019-01-04Изменено: 2024-09-04

CVSS 3.xКРИТИЧЕСКАЯ 9.3

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0КРИТИЧЕСКАЯ 9.3

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Ссылки