CVE-2020-27783

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.

Database specific

{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "12.0.0.3.0"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.8"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "10.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "32"
                }
            ],
            "cpe": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "33"
                }
            ],
            "cpe": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        }
    ]
}

References

Affected packages

Git / github.com/lxml/lxml

Affected ranges

Type

GIT

Repo

https://github.com/lxml/lxml

Events

Introduced

2940d9b6723599da95cf294fe5125e29c9751f7b

Fixed

4cb57362deb23bca0f70f41ab1efa13390fcdbb1

Database specific

{
    "extracted_events": [
        {
            "introduced": "1.2"
        },
        {
            "fixed": "4.6.2"
        }
    ],
    "cpe": "cpe:2.3:a:lxml:lxml:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD"
}

Affected versions

lxml-1.*

lxml-1.2

lxml-2.*

lxml-2.0

lxml-2.0.1

lxml-2.0alpha1

lxml-2.0alpha2

lxml-2.0alpha3

lxml-2.0alpha4

lxml-2.0alpha5

lxml-2.0alpha6

lxml-2.0beta1

lxml-2.0beta2

lxml-2.1

lxml-2.1alpha1

lxml-2.1beta1

lxml-2.1beta2

lxml-2.1beta3

lxml-2.2

lxml-2.2.1

lxml-2.2.2

lxml-2.3

lxml-2.3.1

lxml-2.3alpha1

lxml-2.3alpha2

lxml-2.3beta1

lxml-3.*

lxml-3.0

lxml-3.0.1

lxml-3.0alpha1

lxml-3.0alpha2

lxml-3.0beta1

lxml-3.1.0

lxml-3.1.1

lxml-3.1beta1

lxml-3.2.0

lxml-3.2.1

lxml-3.2.2

lxml-3.2.3

lxml-3.3.0

lxml-3.3.0beta1

lxml-3.3.0beta2

lxml-3.3.0beta3

lxml-3.3.0beta4

lxml-3.3.0beta5

lxml-3.3.1

lxml-3.3.2

lxml-3.3.3

lxml-3.4.0

lxml-3.4.0beta1

lxml-3.4.1

lxml-3.5.0

lxml-3.5.0b1

lxml-3.6.0

lxml-3.6.1

lxml-3.7.0

lxml-3.7.1

lxml-3.7.2

lxml-3.8.0

lxml-3.8.0-py27fix

lxml-4.*

lxml-4.0.0

lxml-4.1.0

lxml-4.1.1

lxml-4.2.0

lxml-4.2.1

lxml-4.2.2

lxml-4.3.0

lxml-4.3.1

lxml-4.3.2

lxml-4.4.0

lxml-4.4.1

lxml-4.5.0

lxml-4.5.1

lxml-4.5.2

lxml-4.6.0

lxml-4.6.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27783.json"