python-lxml-4.2.3-2.el8

Errata ID: AXSA:2021-1839:01

Release date: Tuesday, June 8, 2021 - 10:23
Subject: python-lxml-4.2.3-2.el8
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description:

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API.

Security Fix(es):

* python-lxml: mXSS due to the use of improper parser (CVE-2020-27783)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-27783
An XSS vulnerability was discovered in the clean module of python-lxml. The module's parser did not properly imitate browsers, so the sanitizer and the browser rendering the user's page could behave differently on the same markup. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
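To see which applications depend on the affected sanitizer and should be prioritized for the update, one can scan their source for imports of the clean module. This is an added example, not part of the original advisory or of lxml: it assumes the module is imported as `lxml.html.clean`, and the function names and sample source are constructed for illustration.

```python
"""Audit helper: find Python code that imports lxml's HTML cleaner."""
import ast
import pathlib

AFFECTED = "lxml.html.clean"  # assumed import path of the clean module

# Constructed sample source, used only to demonstrate the scanner.
SAMPLE = '''\
import os
from lxml import etree
from lxml.html.clean import Cleaner, clean_html
import lxml.html.clean as lclean
from lxml.html import clean, fromstring
'''


def find_clean_imports(source, filename="<src>"):
    """Return sorted (line, statement) pairs for imports of the clean module."""
    hits = set()
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name == AFFECTED or alias.name.startswith(AFFECTED + "."):
                    hits.add((node.lineno, "import " + alias.name))
        elif isinstance(node, ast.ImportFrom) and node.level == 0:
            for alias in node.names:
                if node.module == AFFECTED:
                    hits.add((node.lineno, f"from {AFFECTED} import {alias.name}"))
                elif node.module == "lxml.html" and alias.name == "clean":
                    hits.add((node.lineno, "from lxml.html import clean"))
    return sorted(hits)


def scan_tree(root):
    """Map each *.py file under root to its hits; unparsable files are skipped."""
    report = {}
    for path in sorted(pathlib.Path(root).rglob("*.py")):
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = find_clean_imports(text, str(path))
        except (SyntaxError, ValueError, OSError):
            continue
        if hits:
            report[str(path)] = hits
    return report


if __name__ == "__main__":
    for line, stmt in find_clean_imports(SAMPLE):
        print(f"line {line}: {stmt}")
```

Only import statements are detected; code that loads the module dynamically (for example through `importlib`) needs a separate review.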

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. python-lxml-4.2.3-2.el8.src.rpm
    MD5: b1c82572f564937c8ffd254787944b8e
    SHA-256: 38cc36f2e90b64df280b681b9d327c69463bd549fc3a44c303f5caaedec9421a
    Size: 4.28 MB

Asianux Server 8 for x86_64
  1. python3-lxml-4.2.3-2.el8.x86_64.rpm
    MD5: 05833d219b953b509d4034a13a24efc7
    SHA-256: bb841e8bcb56ee583ec87334fdebbc44aed9fea7bfd58ccb9c87092bfb1c64f5
    Size: 1.50 MB