This PR contains the following updates:

| Package | Change |
|---|---|
| [lxml](https://togithub.com/lxml/lxml) | `==4.6.4` -> `==4.6.5` |

### GitHub Vulnerability Alerts

#### CVE-2021-43818
### Impact

The HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs.

Users who employ the HTML cleaner in a security-relevant context should upgrade to lxml 4.6.5.

### Patches

The issue has been resolved in lxml 4.6.5.

### Workarounds

None.

### References

The issues are tracked under the report IDs GHSL-2021-1037 and GHSL-2021-1038.
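The advisory names two bypass classes (script inside an SVG image embedded as a `data:` URI, and CSS `@import`) and offers no workaround. The check below is an added example, not code from the lxml project, the advisory, or this PR: it audits HTML *after* it has been through a sanitiser for exactly those two shapes, so that the upgrade to 4.6.5 can be confirmed by a test instead of taken on trust. It is not a substitute for upgrading and does not sanitise anything itself. The sample HTML is constructed for the example; `audit_cleaned_html`, `decode_data_uri` and `clean_with_lxml` are names of this example, not lxml APIs (only `lxml.html.clean.Cleaner` and its `clean_html` method are lxml's own; lxml 5.2 and later ship the cleaner as the separate `lxml_html_clean` package, which the helper also tries).

```python
"""Post-upgrade regression check for the two bypass classes in CVE-2021-43818.

Added example, not lxml project code. It audits HTML *after* sanitisation for
(1) script content inside an SVG image embedded via a data: URI and
(2) CSS @import rules. Sample inputs are constructed; function names are
this example's own.
"""
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# data:<mime>[;param...],<payload>  (RFC 2397 shape, whitespace tolerant)
DATA_URI_RE = re.compile(
    r"^\s*data:(?P<mime>[^;,]*)(?P<params>(?:;[^,]*)*),(?P<payload>.*)$", re.I | re.S
)
# Script carriers inside an SVG document: <script>, on* handlers, javascript: URLs.
SVG_SCRIPT_RE = re.compile(r"<\s*script\b|\bon[a-z]+\s*=|javascript\s*:", re.I)
CSS_IMPORT_RE = re.compile(r"@import\b", re.I)


def decode_data_uri(value):
    """Return (mime, decoded_text) for a data: URI, or None if value is not one."""
    m = DATA_URI_RE.match(value)
    if m is None:
        return None
    mime = m.group("mime").lower()
    payload = m.group("payload")
    if ";base64" in m.group("params").lower():
        try:
            raw = base64.b64decode(payload)
        except ValueError:  # binascii.Error is a ValueError subclass
            return mime, ""
        return mime, raw.decode("utf-8", "replace")
    return mime, unquote(payload)


class _Auditor(HTMLParser):
    """Collects findings while walking the (already cleaned) HTML."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True
        for name, value in attrs:
            if value is None:
                continue
            if name == "style" and CSS_IMPORT_RE.search(value):
                self.findings.append(f"@import in inline style on <{tag}>")
            decoded = decode_data_uri(value)
            if decoded is None:
                continue
            mime, body = decoded
            # Inspect the embedded document whether or not the MIME type admits it is SVG.
            if "svg" in mime or "<svg" in body.lower():
                if SVG_SCRIPT_RE.search(body):
                    self.findings.append(f"script content in SVG data: URI in <{tag} {name}>")

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        # HTMLParser hands <style> bodies to handle_data as raw text.
        if self._in_style and CSS_IMPORT_RE.search(data):
            self.findings.append("@import in <style> block")


def audit_cleaned_html(html):
    """Return a list of findings; an empty list means neither bypass class survived."""
    auditor = _Auditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


def clean_with_lxml(html):
    """Run html through lxml's Cleaner if it is installed, else return None.
    lxml 5.2+ moved the cleaner to the separate lxml_html_clean package."""
    try:
        from lxml.html.clean import Cleaner
    except ImportError:
        try:
            from lxml_html_clean import Cleaner
        except ImportError:
            return None
    return Cleaner().clean_html(html)


# Constructed samples: one carrying both bypass shapes, one benign.
_SVG_WITH_SCRIPT = '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'
UNSAFE_SAMPLE = (
    '<div><img src="data:image/svg+xml;base64,'
    + base64.b64encode(_SVG_WITH_SCRIPT.encode()).decode()
    + '"><style>@import url("http://example.invalid/x.css");</style></div>'
)
SAFE_SAMPLE = '<div><img src="data:image/png;base64,iVBORw0KGgo="><p style="color:red">ok</p></div>'


if __name__ == "__main__":
    print("raw input:", audit_cleaned_html(UNSAFE_SAMPLE))
    cleaned = clean_with_lxml(UNSAFE_SAMPLE)
    if cleaned is None:
        print("lxml cleaner not installed; only the audit ran")
    else:
        print("after Cleaner:", audit_cleaned_html(cleaned) or "no findings")
```

Run it against the output of whatever `Cleaner` configuration the application actually uses (default settings are shown above, which is an assumption); a non-empty finding list after cleaning means the cleaner in the environment is not the fixed one, or is configured more permissively than the default.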
### Release Notes

lxml/lxml
### [`v4.6.5`](https://togithub.com/lxml/lxml/blob/HEAD/CHANGES.txt#465-2021-12-12)

[Compare Source](https://togithub.com/lxml/lxml/compare/lxml-4.6.4...lxml-4.6.5)

## Bugs fixed

- A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images (CVE-2021-43818).
- A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs (CVE-2021-43818).

### Configuration
- 📅 Schedule: "" (UTC).
- 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
- ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
- 🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.