CVE-2020-6817 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-6817 PUBLISHED

bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

EPSS 0.58% · 68.7th percentile

Risk Scores

EPSS Score

0.58%

68.7th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	python-bleach	0, 2.0-1, 2.1.2-1
Ubuntu:16.04:LTS	python-bleach	0, 1.4-1, 1.4.2-1
Ubuntu:20.04:LTS	python-bleach	0, 3.1.0-1, 3.1.0-2

Timeline

Mar 30, 2020 CVE Published
Aug 23, 2021 CVE Updated
Feb 17, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 6, 2023 EPSS Score
Jun 14, 2023 EPSS Score
Jul 23, 2023 EPSS Score
Aug 31, 2023 EPSS Score
Oct 9, 2023 EPSS Score
Nov 17, 2023 EPSS Score
Dec 26, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2020-6817 third-party-advisory
https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm third-party-advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1623633 third-party-advisory
https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69 third-party-advisory
https://github.com/mozilla/bleach/commit/6e74a5027b57055cdaeb040343d32934121392a7 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-6817 third-party-advisory

Open in Interactive Console →