You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to dependency file: clusterfuzz/src/python/bot/tasks
Path to vulnerable library: clusterfuzz/src/python/bot/tasks,clusterfuzz/src/local/butler/scripts,clusterfuzz/src/requirements.txt,clusterfuzz/src/appengine/handlers/cron/project,clusterfuzz/src/python/bot/untrusted_runner/build,clusterfuzz/src/appengine/requirements.txt,clusterfuzz/resources/platform/linux/peach/peach_mutator/peach_mutator/requirements.txt,clusterfuzz/src/platform_requirements.txt
Path to dependency file: clusterfuzz/src/python/bot/untrusted_runner/build
Path to vulnerable library: clusterfuzz/src/python/bot/untrusted_runner/build,clusterfuzz/resources/platform/linux/peach/peach_mutator/peach_mutator/third_party/peach/requirements.txt,clusterfuzz/src/local/butler/scripts,clusterfuzz/src/python/bot/tasks,clusterfuzz/src/appengine/handlers/cron/project
Dependency Hierarchy:
❌ lxml-3.3.5.tar.gz (Vulnerable Library)
Vulnerability Details
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
mend-for-github-combot
changed the title
CVE-2020-27783 (High) detected in lxml-4.5.0-cp27-cp27mu-manylinux1_x86_64.whl, lxml-3.3.5.tar.gz
CVE-2020-27783 (Medium) detected in lxml-4.5.0-cp27-cp27mu-manylinux1_x86_64.whl, lxml-3.3.5.tar.gz
Dec 23, 2020
CVE-2020-27783 - Medium Severity Vulnerability
Vulnerable Libraries - lxml-4.5.0-cp27-cp27mu-manylinux1_x86_64.whl, lxml-3.3.5.tar.gz
lxml-4.5.0-cp27-cp27mu-manylinux1_x86_64.whl
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
Library home page: https://files.pythonhosted.org/packages/03/06/eb9f000882f671a2d494342c1fe93b1c8b18fb04420bb611aeaa3298ef17/lxml-4.5.0-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: clusterfuzz/src/python/bot/tasks
Path to vulnerable library: clusterfuzz/src/python/bot/tasks,clusterfuzz/src/local/butler/scripts,clusterfuzz/src/requirements.txt,clusterfuzz/src/appengine/handlers/cron/project,clusterfuzz/src/python/bot/untrusted_runner/build,clusterfuzz/src/appengine/requirements.txt,clusterfuzz/resources/platform/linux/peach/peach_mutator/peach_mutator/requirements.txt,clusterfuzz/src/platform_requirements.txt
Dependency Hierarchy:
lxml-3.3.5.tar.gz
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
Library home page: https://files.pythonhosted.org/packages/ae/a8/ad6c2350c65b357faf9a06c7428b5c6159b01bd3014eed93a75513843063/lxml-3.3.5.tar.gz
Path to dependency file: clusterfuzz/src/python/bot/untrusted_runner/build
Path to vulnerable library: clusterfuzz/src/python/bot/untrusted_runner/build,clusterfuzz/resources/platform/linux/peach/peach_mutator/peach_mutator/third_party/peach/requirements.txt,clusterfuzz/src/local/butler/scripts,clusterfuzz/src/python/bot/tasks,clusterfuzz/src/appengine/handlers/cron/project
Dependency Hierarchy:
Vulnerability Details
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
Publish Date: 2020-12-03
URL: CVE-2020-27783
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1901633
Release Date: 2020-10-27
Fix Resolution: 4.6.1
The text was updated successfully, but these errors were encountered: