Search

Find a vulnerability

Search criteria

    Related vulnerabilities

    PYSEC-2020-340

    Vulnerability from pysec - Published: 2020-03-30 19:45 - Updated: 2022-01-05 02:16
    VLAI
    Details

    In Mozilla Bleach before 3.1.4, bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS).

    Impacted products
    Name purl
    bleach pkg:pypi/bleach

    {
      "affected": [
        {
          "package": {
            "ecosystem": "PyPI",
            "name": "bleach",
            "purl": "pkg:pypi/bleach"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "fixed": "3.1.4"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ],
          "versions": [
            "0.1",
            "0.1.1",
            "0.1.2",
            "0.2",
            "0.2.1",
            "0.2.2",
            "0.3",
            "0.3.1",
            "0.3.3",
            "0.3.4",
            "0.5.0",
            "0.5.1",
            "1.0.0",
            "1.0.1",
            "1.0.2",
            "1.0.3",
            "1.0.4",
            "1.1.0",
            "1.1.1",
            "1.1.2",
            "1.1.3",
            "1.1.4",
            "1.1.5",
            "1.2",
            "1.2.1",
            "1.2.2",
            "1.4",
            "1.4.1",
            "1.4.2",
            "1.4.3",
            "1.5.0",
            "2.0.0",
            "2.1",
            "2.1.1",
            "2.1.2",
            "2.1.3",
            "2.1.4",
            "3.0.0",
            "3.0.1",
            "3.0.2",
            "3.1.0",
            "3.1.1",
            "3.1.2",
            "3.1.3"
          ]
        }
      ],
      "aliases": [
        "CVE-2020-6817",
        "GHSA-vqhp-cxgc-6wmm",
        "SNYK-PYTHON-BLEACH-561754"
      ],
      "details": "In Mozilla Bleach before 3.1.4, `bleach.clean` behavior parsing style attributes could result in a regular expression denial of service (ReDoS).",
      "id": "PYSEC-2020-340",
      "modified": "2022-01-05T02:16:12.945364Z",
      "published": "2020-03-30T19:45:00Z",
      "references": [
        {
          "type": "ADVISORY",
          "url": "https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm"
        },
        {
          "type": "ARTICLE",
          "url": "https://blog.r2c.dev/posts/finding-python-redos-bugs-at-scale-using-dlint-and-r2c/"
        },
        {
          "type": "REPORT",
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1623633"
        },
        {
          "type": "WEB",
          "url": "https://github.com/mozilla/bleach/releases/tag/v3.1.4"
        },
        {
          "type": "ADVISORY",
          "url": "https://snyk.io/vuln/SNYK-PYTHON-BLEACH-561754"
        }
      ]
    }