[PYSEC-2021-19] lxml vulnerability
Severity: Medium
Affected Packages: 147
Fixed Packages: 1
CVEs: 1
An XSS vulnerability was discovered in the clean module of python-lxml versions before 4.6.3. When the safe_attrs_only and forms arguments are both disabled, the Cleaner class does not remove the formaction attribute, which allows JavaScript to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JavaScript against users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.
Package | Fixed Version |
---|---|
pkg:pypi/lxml | = 4.6.3 |
- ID: PYSEC-2021-19
- Severity: medium
- Severity from: CVE-2021-28957
- URL: https://github.com/advisories/GHSA-jq4v-f5q6-mjqq
- Published: 2021-03-21T05:15:00
- Modified: 2021-03-30T18:47:00
- Other Advisories:
- ALAS2-2024-2620
- ALPINE:CVE-2021-28957
- ALSA-2021:4151
- ALSA-2021:4158
- ALSA-2021:4160
- ALSA-2021:4162
- DSA-4880-1
- ELSA-2021-4151
- ELSA-2021-4160
- ELSA-2021-4162
- ELSA-2022-9341
- FEDORA-2021-28723f9670
- FEDORA-2021-4cdb0f68c7
- GLSA-202208-06
- MS:CVE-2021-28957
- openSUSE-SU-2022:0803-1
- RHSA-2021:4151
- RHSA-2021:4158
- RHSA-2021:4160
- RHSA-2021:4162
- RLSA-2021:4151
- RLSA-2021:4160
- RLSA-2021:4162
- SUSE-SU-2022:0803-1
- SUSE-SU-2022:0895-1
- SUSE-SU-2022:1536-1
- SUSE-SU-2022:1729-1
- SUSE-SU-2022:3836-1
- SUSE-SU-2022:3934-1
- SUSE-SU-2022:3937-1
- USN-4896-1
- USN-4896-2
Type | Package URL | Name | Version |
---|---|---|---|
Fixed | pkg:pypi/lxml | lxml | = 4.6.3 |
Affected | pkg:pypi/lxml | lxml | >= 0.0 < 4.6.3 |
Affected | pkg:pypi/lxml | lxml | = 0.9 |
Affected | pkg:pypi/lxml | lxml | = 0.9.1 |
Affected | pkg:pypi/lxml | lxml | = 0.9.2 |
Affected | pkg:pypi/lxml | lxml | = 1.0.beta |
Affected | pkg:pypi/lxml | lxml | = 1.0 |
Affected | pkg:pypi/lxml | lxml | = 1.0.1 |
Affected | pkg:pypi/lxml | lxml | = 1.0.2 |
Affected | pkg:pypi/lxml | lxml | = 1.0.3 |
Affected | pkg:pypi/lxml | lxml | = 1.0.4 |
Affected | pkg:pypi/lxml | lxml | = 1.1alpha |
Affected | pkg:pypi/lxml | lxml | = 1.1beta |
Affected | pkg:pypi/lxml | lxml | = 1.1 |
Affected | pkg:pypi/lxml | lxml | = 1.1.1 |
Affected | pkg:pypi/lxml | lxml | = 1.1.2 |
Affected | pkg:pypi/lxml | lxml | = 1.2 |
Affected | pkg:pypi/lxml | lxml | = 1.2.1 |
Affected | pkg:pypi/lxml | lxml | = 1.3beta |
Affected | pkg:pypi/lxml | lxml | = 1.3 |
Affected | pkg:pypi/lxml | lxml | = 1.3.1 |
Affected | pkg:pypi/lxml | lxml | = 1.3.2 |
Affected | pkg:pypi/lxml | lxml | = 1.3.3 |
Affected | pkg:pypi/lxml | lxml | = 1.3.4 |
Affected | pkg:pypi/lxml | lxml | = 1.3.5 |
Affected | pkg:pypi/lxml | lxml | = 1.3.6 |
Affected | pkg:pypi/lxml | lxml | = 2.0alpha1 |
Affected | pkg:pypi/lxml | lxml | = 2.0alpha2 |
Affected | pkg:pypi/lxml | lxml | = 2.0alpha3 |
Affected | pkg:pypi/lxml | lxml | = 2.0alpha4 |
Affected | pkg:pypi/lxml | lxml | = 2.0alpha5 |
Affected | pkg:pypi/lxml | lxml | = 2.0alpha6 |
Affected | pkg:pypi/lxml | lxml | = 2.0beta1 |
Affected | pkg:pypi/lxml | lxml | = 2.0beta2 |
Affected | pkg:pypi/lxml | lxml | = 2.0 |
Affected | pkg:pypi/lxml | lxml | = 2.0.1 |
Affected | pkg:pypi/lxml | lxml | = 2.0.2 |
Affected | pkg:pypi/lxml | lxml | = 2.0.3 |
Affected | pkg:pypi/lxml | lxml | = 2.0.4 |
Affected | pkg:pypi/lxml | lxml | = 2.0.5 |
Affected | pkg:pypi/lxml | lxml | = 2.0.6 |
Affected | pkg:pypi/lxml | lxml | = 2.0.7 |
Affected | pkg:pypi/lxml | lxml | = 2.0.8 |
Affected | pkg:pypi/lxml | lxml | = 2.0.9 |
Affected | pkg:pypi/lxml | lxml | = 2.0.10 |
Affected | pkg:pypi/lxml | lxml | = 2.0.11 |
Affected | pkg:pypi/lxml | lxml | = 2.1alpha1 |
Affected | pkg:pypi/lxml | lxml | = 2.1beta1 |
Affected | pkg:pypi/lxml | lxml | = 2.1beta2 |
Affected | pkg:pypi/lxml | lxml | = 2.1beta3 |
Affected | pkg:pypi/lxml | lxml | = 2.1 |
Affected | pkg:pypi/lxml | lxml | = 2.1.1 |
Affected | pkg:pypi/lxml | lxml | = 2.1.2 |
Affected | pkg:pypi/lxml | lxml | = 2.1.3 |
Affected | pkg:pypi/lxml | lxml | = 2.1.4 |
Affected | pkg:pypi/lxml | lxml | = 2.1.5 |
Affected | pkg:pypi/lxml | lxml | = 2.2alpha1 |
Affected | pkg:pypi/lxml | lxml | = 2.2beta1 |
Affected | pkg:pypi/lxml | lxml | = 2.2beta2 |
Affected | pkg:pypi/lxml | lxml | = 2.2beta3 |
Affected | pkg:pypi/lxml | lxml | = 2.2beta4 |
Affected | pkg:pypi/lxml | lxml | = 2.2 |
Affected | pkg:pypi/lxml | lxml | = 2.2.1 |
Affected | pkg:pypi/lxml | lxml | = 2.2.2 |
Affected | pkg:pypi/lxml | lxml | = 2.2.3 |
Affected | pkg:pypi/lxml | lxml | = 2.2.4 |
Affected | pkg:pypi/lxml | lxml | = 2.2.5 |
Affected | pkg:pypi/lxml | lxml | = 2.2.6 |
Affected | pkg:pypi/lxml | lxml | = 2.2.7 |
Affected | pkg:pypi/lxml | lxml | = 2.2.8 |
Affected | pkg:pypi/lxml | lxml | = 2.3alpha1 |
Affected | pkg:pypi/lxml | lxml | = 2.3alpha2 |
Affected | pkg:pypi/lxml | lxml | = 2.3beta1 |
Affected | pkg:pypi/lxml | lxml | = 2.3 |
Affected | pkg:pypi/lxml | lxml | = 2.3.1 |
Affected | pkg:pypi/lxml | lxml | = 2.3.2 |
Affected | pkg:pypi/lxml | lxml | = 2.3.3 |
Affected | pkg:pypi/lxml | lxml | = 2.3.4 |
Affected | pkg:pypi/lxml | lxml | = 2.3.5 |
Affected | pkg:pypi/lxml | lxml | = 2.3.6 |
Affected | pkg:pypi/lxml | lxml | = 3.0 |
Affected | pkg:pypi/lxml | lxml | = 3.0.1 |
Affected | pkg:pypi/lxml | lxml | = 3.0.2 |
Affected | pkg:pypi/lxml | lxml | = 3.1beta1 |
Affected | pkg:pypi/lxml | lxml | = 3.1.0 |
Affected | pkg:pypi/lxml | lxml | = 3.1.1 |
Affected | pkg:pypi/lxml | lxml | = 3.1.2 |
Affected | pkg:pypi/lxml | lxml | = 3.2.0 |
Affected | pkg:pypi/lxml | lxml | = 3.2.1 |
Affected | pkg:pypi/lxml | lxml | = 3.2.2 |
Affected | pkg:pypi/lxml | lxml | = 3.2.3 |
Affected | pkg:pypi/lxml | lxml | = 3.2.4 |
Affected | pkg:pypi/lxml | lxml | = 3.2.5 |
Affected | pkg:pypi/lxml | lxml | = 3.3.0beta1 |
Affected | pkg:pypi/lxml | lxml | = 3.3.0beta2 |
Affected | pkg:pypi/lxml | lxml | = 3.3.0beta3 |
Affected | pkg:pypi/lxml | lxml | = 3.3.0beta4 |
Affected | pkg:pypi/lxml | lxml | = 3.3.0beta5 |
Affected | pkg:pypi/lxml | lxml | = 3.3.0 |
Affected | pkg:pypi/lxml | lxml | = 3.3.1 |
Affected | pkg:pypi/lxml | lxml | = 3.3.2 |
Affected | pkg:pypi/lxml | lxml | = 3.3.3 |
Affected | pkg:pypi/lxml | lxml | = 3.3.4 |
Affected | pkg:pypi/lxml | lxml | = 3.3.5 |
Affected | pkg:pypi/lxml | lxml | = 3.3.6 |
Affected | pkg:pypi/lxml | lxml | = 3.4.0 |
Affected | pkg:pypi/lxml | lxml | = 3.4.1 |
Affected | pkg:pypi/lxml | lxml | = 3.4.2 |
Affected | pkg:pypi/lxml | lxml | = 3.4.3 |
Affected | pkg:pypi/lxml | lxml | = 3.4.4 |
Affected | pkg:pypi/lxml | lxml | = 3.5.0b1 |
Affected | pkg:pypi/lxml | lxml | = 3.5.0 |
Affected | pkg:pypi/lxml | lxml | = 3.6.0 |
Affected | pkg:pypi/lxml | lxml | = 3.6.1 |
Affected | pkg:pypi/lxml | lxml | = 3.6.2 |
Affected | pkg:pypi/lxml | lxml | = 3.6.3 |
Affected | pkg:pypi/lxml | lxml | = 3.6.4 |
Affected | pkg:pypi/lxml | lxml | = 3.7.0 |
Affected | pkg:pypi/lxml | lxml | = 3.7.1 |
Affected | pkg:pypi/lxml | lxml | = 3.7.2 |
Affected | pkg:pypi/lxml | lxml | = 3.7.3 |
Affected | pkg:pypi/lxml | lxml | = 3.8.0 |
Affected | pkg:pypi/lxml | lxml | = 4.0.0 |
Affected | pkg:pypi/lxml | lxml | = 4.1.0 |
Affected | pkg:pypi/lxml | lxml | = 4.1.1 |
Affected | pkg:pypi/lxml | lxml | = 4.2.0 |
Affected | pkg:pypi/lxml | lxml | = 4.2.1 |
Affected | pkg:pypi/lxml | lxml | = 4.2.2 |
Affected | pkg:pypi/lxml | lxml | = 4.2.3 |
Affected | pkg:pypi/lxml | lxml | = 4.2.4 |
Affected | pkg:pypi/lxml | lxml | = 4.2.5 |
Affected | pkg:pypi/lxml | lxml | = 4.2.6 |
Affected | pkg:pypi/lxml | lxml | = 4.3.0 |
Affected | pkg:pypi/lxml | lxml | = 4.3.1 |
Affected | pkg:pypi/lxml | lxml | = 4.3.2 |
Affected | pkg:pypi/lxml | lxml | = 4.3.3 |
Affected | pkg:pypi/lxml | lxml | = 4.3.4 |
Affected | pkg:pypi/lxml | lxml | = 4.3.5 |
Affected | pkg:pypi/lxml | lxml | = 4.4.0 |
Affected | pkg:pypi/lxml | lxml | = 4.4.1 |
Affected | pkg:pypi/lxml | lxml | = 4.4.2 |
Affected | pkg:pypi/lxml | lxml | = 4.4.3 |
Affected | pkg:pypi/lxml | lxml | = 4.5.0 |
Affected | pkg:pypi/lxml | lxml | = 4.5.1 |
Affected | pkg:pypi/lxml | lxml | = 4.5.2 |
Affected | pkg:pypi/lxml | lxml | = 4.6.0 |
Affected | pkg:pypi/lxml | lxml | = 4.6.1 |
Affected | pkg:pypi/lxml | lxml | = 4.6.2 |