AVG-1720 log
| Package | python-lxml |
| Status | Fixed |
| Severity | Medium |
| Type | insufficient validation |
| Affected | 4.6.2-2 |
| Fixed | 4.6.3-1 |
| Current | 6.0.2-1 [extra] |
| Ticket | None |
| Created | Sun Mar 21 10:33:15 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-28957 | Medium | No | Insufficient validation | python-lxml 4.6.2 places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for... |