In Mozilla Bleach before 3.3.0, a mutation XSS in bleach.clean when p, br, style, title, noscript, script, textarea, noframes, iframe, or xmp and either svg or math tags are whitelisted and the keyword argument strip_comments=False.
Vulnerable Library - bleach-3.2.1-py2.py3-none-any.whl
An easy safelist-based HTML-sanitizing tool.
Library home page: https://files.pythonhosted.org/packages/03/c8/b7ed0dfea5cb287907bd22c5ff7c3ed0a65b346f2a4cf916eb9e83be66b3/bleach-3.2.1-py2.py3-none-any.whl
Path to dependency file: /components/mlserve/requirements.txt
Path to vulnerable library: /components/mlserve/requirements.txt,/components/mlserve
## Vulnerabilities

## Details
WS-2021-0011
### Vulnerable Library - bleach-3.2.1-py2.py3-none-any.whl
Dependency Hierarchy:
- :x: **bleach-3.2.1-py2.py3-none-any.whl** (Vulnerable Library)

Found in base branch: main
### Vulnerability Details

In Mozilla Bleach before 3.3.0, a mutation XSS in bleach.clean when p, br, style, title, noscript, script, textarea, noframes, iframe, or xmp and either svg or math tags are whitelisted and the keyword argument strip_comments=False.
Publish Date: 2021-02-01
URL: WS-2021-0011
### CVSS 3 Score Details (6.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: None
### Suggested Fix

Type: Upgrade version
Origin: https://github.com/advisories/GHSA-vv2x-vrpj-qqpq
Release Date: 2021-02-01
Fix Resolution: 3.3.0