python-lxml
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Python3 binding for the libxml2 and libxslt libraries |
| Version | 5.3.0-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2629 | 4.6.4-3 | 4.6.5-1 | Medium | Fixed | |
| AVG-1720 | 4.6.2-2 | 4.6.3-1 | Medium | Fixed | |
| AVG-1319 | 4.6.1-3 | 4.6.2-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-43818 | AVG-2629 | Medium | Yes | Cross-site scripting | There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted... |
| CVE-2021-28957 | AVG-1720 | Medium | No | Insufficient validation | python-lxml 4.6.2 places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for... |
| CVE-2020-27783 | AVG-1319 | Medium | Yes | Cross-site scripting | A cross-site scripting vulnerability was discovered in python-lxml's clean module before version 4.6.2. The module's parser didn't properly imitate... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 05 Dec 2020 | ASA-202012-1 | AVG-1319 | Medium | cross-site scripting |