CVE-2020-6817

bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).
Configurations

Configuration 1

No configuration.

Information

Published : 2023-02-16 10:15

Updated : 2023-02-17 12:52


NVD link : CVE-2020-6817

Mitre link : CVE-2020-6817

Products Affected
CWE
No CWE.