Your submission was sent successfully! Close

CVE-2021-42576

Published: 18 October 2021

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
golang-github-microcosm-cc-bluemonday
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Does not exist

hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Not vulnerable
(1.0.16-1)
trusty Does not exist

upstream
Released (1.0.16-1)
xenial Does not exist