Vulnerability

CVE-2021-42576

 Report advisory or correction

CVSS Score 9.8 critical

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-Other

References

https://github.com/advisories/GHSA-x95h-979x-cf3j
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42576

[CVE-2021-42576] CWE-Other

Description

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

See github.com/microcosm-cc/bluemonday package information