First published: Tue Nov 09 2021(Updated: )
lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. <br>Security Fix(es):<br><li> python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Additional Changes:<br>For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/python-lxml | <4.2.3-3.el8 | 4.2.3-3.el8 |
redhat/python-lxml-debugsource | <4.2.3-3.el8 | 4.2.3-3.el8 |
redhat/python3-lxml | <4.2.3-3.el8 | 4.2.3-3.el8 |
redhat/python3-lxml-debuginfo | <4.2.3-3.el8 | 4.2.3-3.el8 |
redhat/python-lxml-debugsource | <4.2.3-3.el8 | 4.2.3-3.el8 |
redhat/python3-lxml | <4.2.3-3.el8 | 4.2.3-3.el8 |
redhat/python3-lxml-debuginfo | <4.2.3-3.el8 | 4.2.3-3.el8 |
redhat/python-lxml-debugsource | <4.2.3-3.el8 | 4.2.3-3.el8 |
redhat/python3-lxml | <4.2.3-3.el8 | 4.2.3-3.el8 |
redhat/python3-lxml-debuginfo | <4.2.3-3.el8 | 4.2.3-3.el8 |
redhat/python-lxml-debugsource | <4.2.3-3.el8.aa | 4.2.3-3.el8.aa |
redhat/python3-lxml | <4.2.3-3.el8.aa | 4.2.3-3.el8.aa |
redhat/python3-lxml-debuginfo | <4.2.3-3.el8.aa | 4.2.3-3.el8.aa |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.