lambda-go-api-proxy makes it easy to port APIs written with Go frameworks such as Gin (https://gin-gonic.github.io/gin/ ) to AWS Lambda and Amazon API Gateway.
Used version of github.com/microcosm-cc/bluemonday v1.0.15 is vulnerable to CVE-2021-42576
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
solution: Update bluemonday to version 1.0.16 or later.
Used version of github.com/microcosm-cc/bluemonday v1.0.15 is vulnerable to CVE-2021-42576
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
solution: Update bluemonday to version 1.0.16 or later.
CVE-2021-42576: https://nvd.nist.gov/vuln/detail/CVE-2021-42576