Go modules package
github.com/microcosm-cc/bluemonday
pkg:golang/github.com/microcosm-cc/bluemonday
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-42576 | — | | | < 1.0.16 | 1.0.16 | Oct 18, 2021 | The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. |
| CVE-2021-29272 | — | | | < 1.0.5 | 1.0.5 | Mar 27, 2021 | bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string. |