FreeBSD : py-bleach -- unsanitized character entities (e97a8852-32dd-4291-ba4d-92711daff056)

High Nessus Plugin ID 111409


The remote FreeBSD host is missing one or more security-related updates.


The Bleach developers report:

Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.

This security issue was introduced in Bleach 2.1. Anyone using Bleach 2.1 is highly encouraged to upgrade.


Update the affected packages.
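
The failure mode in the report above, as an added Python example (not Bleach's code and not part of the plugin): a scheme check on the raw attribute text next to one that decodes character entities first. The allowlist, function names and sample URIs are assumptions constructed for illustration.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumed allowlist for this example

# URI scheme per RFC 3986: a letter, then letters/digits/"+"/"-"/".", then ":".
_SCHEME_RE = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.\-]*):")
# ASCII control characters and spaces, dropped so they cannot hide a scheme.
_IGNORED_RE = re.compile(r"[\x00-\x20\x7f]+")


def naive_is_allowed(value, allowed=ALLOWED_SCHEMES):
    """Flawed check: looks at the attribute text with entities still encoded."""
    m = _SCHEME_RE.match(value)
    if m is None:
        return True  # no scheme visible, so the value is treated as relative
    return m.group(1).lower() in allowed


def hardened_is_allowed(value, allowed=ALLOWED_SCHEMES):
    """Decode entities and normalize before deciding on the scheme."""
    decoded = html.unescape(value)  # the text an HTML parser hands to the URL parser
    normalized = _IGNORED_RE.sub("", decoded).lower()
    m = _SCHEME_RE.match(normalized)
    if m is not None:
        return m.group(1) in allowed
    # No well-formed scheme: accept only if no colon precedes the path, query
    # or fragment, i.e. the value really is a relative reference.
    head = re.split(r"[/?#]", normalized, maxsplit=1)[0]
    return ":" not in head


# Constructed sample attribute values; "ftp" stands in for any disallowed scheme.
SAMPLES = [
    "https://example.test/page",
    "/docs/index.html",
    "ftp://example.test/file",
    "ftp&#58;//example.test/file",   # colon written as a decimal entity
    "FTP&#x3A;//example.test/file",  # colon written as a hex entity
]


def compare(samples=SAMPLES):
    """Return (value, naive verdict, hardened verdict) for each sample."""
    return [(s, naive_is_allowed(s), hardened_is_allowed(s)) for s in samples]


if __name__ == "__main__":
    for value, naive, hardened in compare():
        print(f"{value!r:36} naive={naive!s:5} hardened={hardened}")
```

The two entity-encoded samples are the only rows where the verdicts differ: the raw-text check sees no scheme and lets them through, while the decoded check rejects them.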

Plugin Details

Severity: High

ID: 111409

File Name: freebsd_pkg_e97a885232dd4291ba4d92711daff056.nasl

Version: 1.2

Type: local

Published: 2018/07/30

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:py27-bleach, p-cpe:/a:freebsd:freebsd:py36-bleach, cpe:/o:freebsd:freebsd

Patch Publication Date: 2018/07/27

Vulnerability Publication Date: 2018/03/05