CVE-2020-26303

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-26303
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26303.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-26303
Aliases
Published
2024-10-26T21:15:13Z
Modified
2024-11-14T07:50:42.603118Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

insane is a whitelist-oriented HTML sanitizer. Versions 2.6.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.

References

Affected packages

Git / github.com/bevacqua/insane

Affected ranges

Type
GIT
Repo
https://github.com/bevacqua/insane
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v2.*

v2.1.2
v2.2.0
v2.3.0
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.5.0
v2.6.0
v2.6.1
v2.6.2