python-lxml

Description: Python3 binding for the libxml2 and libxslt libraries
Version: 4.7.1-1 [testing], 4.6.5-1 [extra]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2629 | 4.6.4-3 | | Medium | Vulnerable | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-43818 | AVG-2629 | Medium | Yes | Cross-site scripting | Prior to python-lxml version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files... |

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1720 | 4.6.2-2 | 4.6.3-1 | Medium | Fixed | |
| AVG-1319 | 4.6.1-3 | 4.6.2-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-28957 | AVG-1720 | Medium | No | Insufficient validation | python-lxml 4.6.2 places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for... |
| CVE-2020-27783 | AVG-1319 | Medium | Yes | Cross-site scripting | A cross-site scripting vulnerability was discovered in python-lxml's clean module before version 4.6.2. The module's parser didn't properly imitate... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 05 Dec 2020 | ASA-202012-1 | AVG-1319 | Medium | cross-site scripting |