CVEブラウザに戻る

CVE-2018-7753

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1000%

EPSS Percentile10.00th

Published2018年3月7日

Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.

Affected Platforms (CPE)

📦

Mozilla

Bleach

= 2.1

📦

Mozilla

Bleach

= 2.1.1

📦

Mozilla

Bleach

= 2.1.2

References & Advisories

🔗 https://bugs.debian.org/892252

🔗 https://github.com/mozilla/bleach/commit/c5df5789ec3471a31311f42c2d19fc2cf21b35ef

🔗 https://github.com/mozilla/bleach/releases/tag/v2.1.3

🔗 https://bugs.debian.org/892252

🔗 https://github.com/mozilla/bleach/commit/c5df5789ec3471a31311f42c2d19fc2cf21b35ef

🔗 https://github.com/mozilla/bleach/releases/tag/v2.1.3

関連する脆弱性情報

CVE-2018-36507.8

Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivi...

CVE-2020-68026.1

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitel...

CVE-2020-68166.1

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyw...

CVE-2018-261110.0

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Service...

CVE-2018-7753 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space