CVE-2021-43818

Advisory

[This advisory has been limited. Please create a free account to view the full advisory.]

Affected package

Affected versions

[This affected versions has been limited. Please create a free account to view the full affected versions.]

Fixed versions

[This fixed versions has been limited. Please create a free account to view the full fixed versions.]

Vulnerability changelog

==================

Bugs fixed
----------

* A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script
content through SVG images.

* A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script
content through CSS imports and other crafted constructs.

Resources

• https://pypi.org/project/lxml
• https://pyup.io/changelogs/lxml/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818
• https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0
• https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776
• https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8
• https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a
• https://lists.fedoraproject.org/archives/list/[email protected]/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7/
• https://lists.fedoraproject.org/archives/list/[email protected]/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44/
• https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html
• https://security.netapp.com/advisory/ntap-20220107-0005/
• https://www.debian.org/security/2022/dsa-5043
• https://lists.fedoraproject.org/archives/list/[email protected]/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7/
• https://lists.fedoraproject.org/archives/list/[email protected]/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V/
• https://www.oracle.com/security-alerts/cpuapr2022.html
• https://www.oracle.com/security-alerts/cpujul2022.html
• https://security.gentoo.org/glsa/202208-06