PyPi: Html-Sanitizer

CVE-2024-34078

Safety vulnerability ID: 71890

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 06, 2024 Updated at Jul 01, 2024
Scan your Python projects for vulnerabilities →

Advisory

An issue has been identified in the sanitizer when handling unicode normalization, which can lead to arbitrary HTML being present after sanitization. Specifically, if keep_typographic_whitespace=False (the default setting), the sanitizer normalizes unicode to the NFKC form at the end of the process. Some unicode characters normalize to chevrons (< and >), allowing specially crafted HTML to escape the sanitization process.

Affected package

html-sanitizer

Latest version: 2.4.4

HTML sanitizer

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application