CVE - CVE-2021-43818

CVE-ID
CVE-2021-43818	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8 URL:https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8 CONFIRM:https://security.netapp.com/advisory/ntap-20220107-0005/ URL:https://security.netapp.com/advisory/ntap-20220107-0005/ DEBIAN:DSA-5043 URL:https://www.debian.org/security/2022/dsa-5043 FEDORA:FEDORA-2021-6e8fb79f90 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44/ FEDORA:FEDORA-2021-9f9e7c5c4f URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7/ FEDORA:FEDORA-2022-7129fbaeed URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V/ FEDORA:FEDORA-2022-96c79bf003 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7/ GENTOO:GLSA-202208-06 URL:https://security.gentoo.org/glsa/202208-06 MISC:https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a URL:https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a MISC:https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776 URL:https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776 MISC:https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0 URL:https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0 MISC:https://www.oracle.com/security-alerts/cpuapr2022.html URL:https://www.oracle.com/security-alerts/cpuapr2022.html MISC:https://www.oracle.com/security-alerts/cpujul2022.html URL:https://www.oracle.com/security-alerts/cpujul2022.html MLIST:[debian-lts-announce] 20211230 [SECURITY] [DLA 2871-1] lxml security update URL:https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20211116	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20211116)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.