FreeBSD : py-bleach -- unsanitized character entities (e97a8852-32dd-4291-ba4d-92711daff056)
High Nessus Plugin ID 111409
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
bleach developer reports:
Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.
This security issue was introduced in Bleach 2.1. Anyone using Bleach 2.1 is highly encouraged to upgrade.
Solution
Update the affected packages.
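
The class of failure the developer report describes, as an added example (not Bleach's code and not part of the advisory): a scheme check run on the raw attribute text beside one that decodes character entities first. The allow-list, function names and sample values are assumptions made up for the illustration.

```python
import html
import re

# Assumed allow-list for this example; not Bleach's configuration.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# RFC 3986 scheme: a letter, then letters, digits, "+", "-" or ".", ended by ":".
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
C0_AND_SPACE = "".join(map(chr, range(0x21)))


def naive_is_allowed(value: str) -> bool:
    """Flawed: checks the raw attribute text, so entities hide the scheme."""
    m = SCHEME_RE.match(value)
    return m is None or m.group(1).lower() in ALLOWED_SCHEMES


def hardened_is_allowed(value: str) -> bool:
    """Decode entities and normalise first, then check the scheme."""
    url = html.unescape(value)              # the value a browser ends up with
    url = url.strip(C0_AND_SPACE)           # URL parsers trim these at both ends
    url = re.sub(r"[\t\r\n]", "", url)      # and drop tab/newline anywhere
    m = SCHEME_RE.match(url)
    if m:
        return m.group(1).lower() in ALLOWED_SCHEMES
    # No valid scheme: accept only if no ":" precedes the first "/", "?" or "#".
    return ":" not in re.split(r"[/?#]", url, maxsplit=1)[0]


# Constructed sample attribute values (not taken from the advisory).
SAMPLES = [
    "https://example.com/?a=1&amp;b=2",
    "/docs/page.html",
    "mailto:user@example.com",
    "javas&#99;ript:void(0)",
    "&#x6A;avascript:void(0)",
    "javascript&colon;void(0)",
]


def missed_by_naive(values):
    """Values the raw-text check accepts but the decoded check rejects."""
    return [v for v in values if naive_is_allowed(v) and not hardened_is_allowed(v)]


if __name__ == "__main__":
    for v in SAMPLES:
        print(f"{v!r:40} naive={naive_is_allowed(v)} hardened={hardened_is_allowed(v)}")
```

The same pair of checks can serve as a regression test around any sanitizer wrapper: every value in `missed_by_naive(SAMPLES)` should come out of the sanitizer with the URI attribute removed.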