← All advisories

Moderate severityOSV Advisory· Published Mar 24, 2020· Updated Aug 4, 2024

CVE-2020-6802

CVE-2020-6802

Description

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
bleachPyPI	< 3.1.1	3.1.1

Affected products

6

Mozilla Corporation/BleachOSV
Range: 0.1.2, 0.2.0, 0.2.1, …
ghsa-coords5 versions
pkg:pypi/bleach pkg:rpm/opensuse/python-bleach&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/python-bleach&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/weblate&distro=openSUSE%20Tumbleweed pkg:rpm/suse/python-bleach&distro=SUSE%20Package%20Hub%2015%20SP1
< 3.1.1+ 4 more
- (no CPE)range: < 3.1.1
- (no CPE)range: < 3.1.1-lp151.3.6.1
- (no CPE)range: < 6.1.0-1.5
- (no CPE)range: < 4.8.1-1.1
- (no CPE)range: < 3.1.1-bp151.4.4.1

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

15

github.com/advisories/GHSA-q65m-pv3f-wr5rghsaADVISORY
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/72R4VFFHDRSQMNT7IZU3X2755ZP4HGNI/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCNLM2MGQTOLCIVVYS2Z5S7KOQJR5JC4/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTULPQB7HVPPYWEYVNHJGDTSPVIDHIZX/mitrevendor-advisoryx_refsource_FEDORA
nvd.nist.gov/vuln/detail/CVE-2020-6802ghsaADVISORY
advisory.checkmarx.net/advisory/CX-2020-4276ghsax_refsource_MISCWEB
bugzilla.mozilla.org/show_bug.cgighsaWEB
cure53.de/fp170.pdfghsaWEB
github.com/mozilla/bleach/commit/f77e0f6392177a06e46a49abd61a4d9f035e57fdghsaWEB
github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5rghsax_refsource_MISCWEB
github.com/pypa/advisory-database/tree/main/vulns/bleach/PYSEC-2020-27.yamlghsaWEB
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/72R4VFFHDRSQMNT7IZU3X2755ZP4HGNIghsaWEB
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCNLM2MGQTOLCIVVYS2Z5S7KOQJR5JC4ghsaWEB
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTULPQB7HVPPYWEYVNHJGDTSPVIDHIZXghsaWEB
www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleachghsax_refsource_MISCWEB

News mentions

0

No linked articles in our index yet.