Cross-Site Scripting in python-lxml
ID: | FEDORA-2021-4cdb0f68c7 |
Distribution: | Fedora |
Plattformen: | Fedora 33 |
Datum: | Fr, 4. Juni 2021, 07:29 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28957 |
Applikationen: | lxml |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-4cdb0f68c7 2021-06-04 01:02:33.599993 -------------------------------------------------------------------------------- Name : python-lxml Product : Fedora 33 Version : 4.5.1 Release : 4.fc33 URL : https://github.com/lxml/lxml Summary : XML processing library combining libxml2/libxslt with the ElementTree API Description : lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It provides safe and convenient access to these libraries using the ElementTree It extends the ElementTree API significantly to offer support for XPath, RelaxNG, XML Schema, XSLT, C14N and much more.To contact the project, go to the project home page < or see our bug tracker at case you want to use the current ... -------------------------------------------------------------------------------- Update Information: Fix CVE-2021-28957: missing input sanitization for formaction HTML5 attributes may lead to XSS -------------------------------------------------------------------------------- ChangeLog: * Fri May 21 2021 Charalampos Stratakis |