Debian Bug report logs -
#1001885
lxml: CVE-2021-43818: HTML Cleaner allows crafted and SVG embedded scripts to pass through
Package:
src:lxml;
Maintainer for src:lxml is Matthias Klose <doko@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 18 Dec 2021 10:45:01 UTC
Severity: important
Ta ...
It was discovered that lxml, a Python binding for the libxml2 and
libxslt libraries, does not properly sanitize its input, which could
lead to cross-site scripting.
For the oldstable distribution (buster), this problem has been fixed
in version 4.3.2-1+deb10u4.
For the stable distribution (bullseye), this problem has been fixed in
version 4.6.3+dfs ...
Synopsis
Moderate: python39:3.9 and python39-devel:3.9 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise L ...
Synopsis
Moderate: python-lxml security update
Type/Severity
Security Advisory: Moderate
Topic
An update for python-lxml is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as hav ...
Synopsis
Moderate: python27:2.7 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this ...
Synopsis
Moderate: Red Hat Software Collections security update
Type/Severity
Security Advisory: Moderate
Topic
An update for rh-python38-python, rh-python38-python-lxml, and rh-python38-python-pip is now available for Red ...
Synopsis
Moderate: Satellite 6.11 Release
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat Satellite 6.11.
Description
Red Hat Satellite is a systems management tool for Linux-based in ...
Synopsis
Important: OpenShift Container Platform 4.11.0 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Co ...
There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and JavaScript. An attacker who is able to submit a crafted payload to a web service using python-lxml's HTML Cleaner may be able to trigger script execution in clients such as web browsers. This can occur because the HTML Cleaner did not remove scripts ...
A Cross-site Scripting (XSS) vulnerability was found in python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and the user's page. This flaw allows a remote attacker to run arbitrary HTML/JS code. The highest threat from this vulnerability is to confidentiality and i ...
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a pat ...
Prior to python-lxml version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs.
Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch ...