CVE-2021-42576
Published: 18 October 2021
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
Priority
CVSS 3 base score: 9.8
Status
Package | Release | Status |
---|---|---|
golang-github-microcosm-cc-bluemonday Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Does not exist
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Needs triage
|
|
jammy |
Not vulnerable
(1.0.16-1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(1.0.16-1)
|
|
xenial |
Does not exist
|