CVE-2018-7753

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-7753
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7753.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-7753
Aliases
Related
Published
2018-03-07T23:29:00Z
Modified
2024-10-12T04:06:57.348842Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.

References

Affected packages

Debian:11 / python-bleach

Package

Name
python-bleach
Purl
pkg:deb/debian/python-bleach?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / python-bleach

Package

Name
python-bleach
Purl
pkg:deb/debian/python-bleach?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / python-bleach

Package

Name
python-bleach
Purl
pkg:deb/debian/python-bleach?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/mozilla/bleach

Affected ranges

Type
GIT
Repo
https://github.com/mozilla/bleach
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1.2
0.2.0
0.2.1
0.2.2
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.4.0
0.5.0

1.*

1.0.0
1.0.0rc
1.0.0rc2
1.0.1
1.0.2
1.0.3

v1.*

v1.0.4
v1.1.0
v1.1.1
v1.2.1
v1.2.2
v1.4
v1.4.1
v1.4.2
v1.5

v2.*

v2.0
v2.1
v2.1.1
v2.1.2