FreeBSD : py-bleach -- unsanitized character entities (e97a8852-32dd-4291-ba4d-92711daff056)

high Nessus Plugin ID 111409

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

bleach developer reports :

Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.

This security issue was introduced in Bleach 2.1. Anyone using Bleach 2.1 is highly encouraged to upgrade.

Solution

Update the affected packages.

See Also

https://github.com/mozilla/bleach/blob/v2.1.3/CHANGES

http://www.nessus.org/u?8a5097d2

Plugin Details

Severity: High

ID: 111409

File Name: freebsd_pkg_e97a885232dd4291ba4d92711daff056.nasl

Version: 1.2

Type: local

Published: 7/30/2018

Updated: 11/10/2018

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:py27-bleach, p-cpe:/a:freebsd:freebsd:py36-bleach, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/27/2018

Vulnerability Publication Date: 3/5/2018