CVE-2021-42576
First published: Mon Oct 18 2021(Updated: )
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microco Bluemonday | <1.0.16 | |
| Python Pybluemonday | <0.0.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-42576?
CVE-2021-42576 is a vulnerability in the bluemonday sanitizer before 1.0.16 for Go and before 0.0.8 for Python (in pybluemonday) that does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
How severe is CVE-2021-42576?
CVE-2021-42576 has a severity rating of 9.8, which is considered critical.
What software versions are affected by CVE-2021-42576?
The bluemonday sanitizer before 1.0.16 for Go and before 0.0.8 for Python (in pybluemonday) are affected by CVE-2021-42576.
How can I fix CVE-2021-42576?
To fix CVE-2021-42576, you should update your bluemonday sanitizer to version 1.0.16 for Go or version 0.0.8 for Python (in pybluemonday) or later.
Where can I find more information about CVE-2021-42576?
You can find more information about CVE-2021-42576 at the following reference: https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- vendor/microco
- canonical/microco bluemonday
- vendor/python
- canonical/python pybluemonday