AVG-1720 log
Package | python-lxml |
Status | Fixed |
Severity | Medium |
Type | insufficient validation |
Affected | 4.6.2-2 |
Fixed | 4.6.3-1 |
Current | 5.3.0-2 [extra] |
Ticket | None |
Created | Sun Mar 21 10:33:15 2021 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2021-28957 | Medium | No | Insufficient validation | python-lxml 4.6.2 places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for... |