blob: 31038aaf2f9ecd70dfcf80a92ca3a8369cfdbf69 [file] [log] [blame]
id: GO-2022-0762
modules:
- module: github.com/microcosm-cc/bluemonday
versions:
- fixed: 1.0.5
vulnerable_at: 1.0.4
packages:
- package: github.com/microcosm-cc/bluemonday
symbols:
- Policy.sanitize
derived_symbols:
- Policy.Sanitize
- Policy.SanitizeBytes
- Policy.SanitizeReader
summary: |-
Cross-site scripting due to incorrect sanitization in
github.com/microcosm-cc/bluemonday
description: |-
An XSS injection was possible because the sanitization of the Cyrillic character
i bypass a protection mechanism against user-inputted HTML elements such as the
<script> tag.
published: 2021-05-18T21:07:37Z
cves:
- CVE-2021-29272
ghsas:
- GHSA-3x58-xr87-2fcj
references:
- fix: https://github.com/microcosm-cc/bluemonday/commit/524f142fe46e945b7dcd291d7805c4b7dcf75bee
- web: https://github.com/microcosm-cc/bluemonday/issues/111
- web: https://github.com/microcosm-cc/bluemonday/releases/tag/v1.0.5
review_status: REVIEWED