CVE-2020-6817

Published: 16/02/2023 Updated: 28/02/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The way bleach.clean parses style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean that allow a tag with an allowed style attribute are vulnerable to ReDoS, for example bleach.clean(..., attributes={'a': ['style']}).

Vulnerable Product

mozilla bleach

Vendor Advisories

Debian Bug report logs - #955388
src:python-bleach: Regular expression denial of service (CVE-2020-6817)
Package: src:python-bleach
Maintainer for src:python-bleach is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Reported by: Scott Kitterman <scott@kitterman.com>
Date: Mon, 30 Mar 2020 23 ...

Github Repositories

-python-tda-bug-hunt-new

DEPENDENCY #bleach==301
VULNERABLE DEPENDENCY IN THE PACKAGE TREE #hellobluenove==20
VULNERABILITIES WS-2021-0011 CVE-2020-6817 CVE-2020-6816 CVE-2020-6802

DEPENDENCY #freeipa==481
VULNERABLE DEPENDENCY IN THE PACKAGE TREE #gssapi==182
VULNERABILITIES CVE-2019-14867

DEPENDENCY #freeipa==481
VULNERABLE DEPENDENCY IN THE PACKAGE TREE #gssapi=