CVE-2021-28957 log

Source
Severity Medium
Remote No
Type Insufficient validation
Description
python-lxml 4.6.2 places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for the HTML5 formaction attribute.
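A simplified model of the gap described above, as an added example and not lxml's own code: a scrubber that only inspects attributes named in its link-attribute set, run once without formaction and once with it. The set contents, blocked schemes, function and class names, and sample markup are all constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed attribute sets: the first omits formaction, the second includes it.
LINK_ATTRS_BEFORE = frozenset({"action", "href", "src"})
LINK_ATTRS_AFTER = LINK_ATTRS_BEFORE | {"formaction"}
BLOCKED_SCHEMES = ("javascript:", "vbscript:", "data:")
# Constructed sample input with a harmless script URL in both attributes.
SAMPLE = ('<form action="javascript:void(0)">'
          '<button formaction="javascript:void(0)">Go</button></form>')


def is_unsafe_url(value):
    # Browsers ignore whitespace and control characters inside the scheme,
    # so remove them before comparing.
    compact = "".join(ch for ch in value if ch > " ").lower()
    return compact.startswith(BLOCKED_SCHEMES)


class LinkScrubber(HTMLParser):
    """Re-serialises markup, dropping unsafe URLs found in link_attrs only."""

    def __init__(self, link_attrs):
        super().__init__(convert_charrefs=True)
        self.link_attrs = link_attrs
        self.out = []
        self.dropped = []

    def handle_starttag(self, tag, attrs):
        kept = []
        for name, value in attrs:
            # Attributes outside link_attrs are never URL-checked.
            if name in self.link_attrs and value and is_unsafe_url(value):
                self.dropped.append(name)
                continue
            kept.append(name if value is None else f'{name}="{html.escape(value)}"')
        self.out.append("<" + " ".join([tag] + kept) + ">")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data))


def scrub(markup, link_attrs):
    # Returns the cleaned markup and the names of the attributes removed.
    parser = LinkScrubber(link_attrs)
    parser.feed(markup)
    parser.close()
    return "".join(parser.out), parser.dropped
```

With LINK_ATTRS_BEFORE the formaction value passes through untouched because the attribute is never examined; with LINK_ATTRS_AFTER both attributes are removed.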
Group     Package      Affected  Fixed    Severity  Status  Ticket
AVG-1720  python-lxml  4.6.2-2   4.6.3-1  Medium    Fixed
References
https://bugs.launchpad.net/lxml/+bug/1888153
https://github.com/lxml/lxml/pull/316
https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d