Policies not properly enforced in bluemonday

Moderate severity • GitHub Reviewed • Published Oct 19, 2021 to the GitHub Advisory Database • Updated May 20, 2024

Package

gomod github.com/microcosm-cc/bluemonday (Go)

Affected versions

< 1.0.16

Patched versions

1.0.16

Package

pip pybluemonday (pip)

Affected versions

< 0.0.8

Patched versions

0.0.8

Description

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

References

Published by the National Vulnerability Database Oct 18, 2021
Reviewed Oct 19, 2021
Published to the GitHub Advisory Database Oct 19, 2021
Last updated May 20, 2024

Severity

Moderate

Weaknesses

CVE ID

CVE-2021-42576

GHSA ID

GHSA-x95h-979x-cf3j