CVE-2021-28957 - log

CVE-2021-28957 edited at 21 Mar 2021 18:22:38
References
https://bugs.launchpad.net/lxml/+bug/1888153
https://github.com/lxml/lxml/pull/316
+ https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d
CVE-2021-28957 edited at 21 Mar 2021 10:35:30
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Insufficient validation
Description
+ python-lxml 4.6.2 places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for the HTML5 formaction attribute.
References
+ https://bugs.launchpad.net/lxml/+bug/1888153
+ https://github.com/lxml/lxml/pull/316
Notes
CVE-2021-28957 created at 21 Mar 2021 10:33:15