CVE-2024-34078

Publication date 6 May 2024

Last updated 24 July 2024


Ubuntu priority

html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typographic_whitespace=False` (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has been fixed in 2.4.2.

Read the notes from the security team

Status

Package Ubuntu Release Status
python-html-sanitizer 24.10 oracular
Vulnerable
24.04 LTS noble
Vulnerable
23.10 mantic Not in release
22.04 LTS jammy
Vulnerable
20.04 LTS focal Not in release

Notes


0xnishit

package is FTBFS for jammy, noble