python-lxml

Description Python3 binding for the libxml2 and libxslt libraries
Version 5.3.0-1 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2629 | 4.6.4-3 | 4.6.5-1 | Medium | Fixed | |
| AVG-1720 | 4.6.2-2 | 4.6.3-1 | Medium | Fixed | |
| AVG-1319 | 4.6.1-3 | 4.6.2-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-43818 | AVG-2629 | Medium | Yes | Cross-site scripting | There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted... |
| CVE-2021-28957 | AVG-1720 | Medium | No | Insufficient validation | python-lxml 4.6.2 places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for... |
| CVE-2020-27783 | AVG-1319 | Medium | Yes | Cross-site scripting | A cross-site scripting vulnerability was discovered in python-lxml's clean module before version 4.6.2. The module's parser didn't properly imitate... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 05 Dec 2020 | ASA-202012-1 | AVG-1319 | Medium | cross-site scripting |