PYSEC-2010-1

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/mako/PYSEC-2010-1.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2010-1
Aliases
Published
2010-07-02T19:00:00Z
Modified
2023-11-01T04:44:18.548206Z
Summary
[none]
Details

Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.

References

Affected packages

PyPI / mako

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.3.4

Affected versions

0.*

0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.1.10
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3.0
0.3.1
0.3.2
0.3.3