py-bleach: mutation XSS vulnerability (CVE-2020-6802)
A mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.
Affected Versions:
py-bleach <=3.1.0
Fixed In Version:
py-bleach 3.1.1
References:
- https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r
- https://security-tracker.debian.org/tracker/CVE-2020-6802
Patch:
https://github.com/mozilla/bleach/commit/f77e0f6392177a06e46a49abd61a4d9f035e57fd
Affected branches:
- master
- 3.11-stable
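
A configuration check for the condition described above (noscript plus a raw tag in the allowed tags, on a version before 3.1.1). This is an added example, not code from bleach or from this tracker. The function names are hypothetical, and the list of raw tags is taken from the upstream bleach 3.1.1 advisory rather than from this page.

```python
# Added example: audit helper for bleach.clean tag allowlists (not part of bleach).
import re

# Assumption: raw text tags as listed in the upstream bleach 3.1.1 advisory.
RAW_TAGS = frozenset({"title", "textarea", "script", "style",
                      "noembed", "noframes", "iframe", "xmp"})
FIXED_IN = (3, 1, 1)  # from this page: fixed in py-bleach 3.1.1


def parse_version(version):
    """Return the leading numeric release as a 3-tuple, e.g. '3.1.0-r0' -> (3, 1, 0)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad short versions such as '3.0'
    return tuple(parts[:3])


def risky_tags(allowed_tags):
    """Return the raw tags present alongside noscript, or an empty set."""
    tags = {t.strip().lower() for t in allowed_tags}
    if "noscript" not in tags:
        return set()
    return tags & RAW_TAGS


def audit(version, allowed_tags):
    """Return (affected, raw_tags_found) for one bleach.clean configuration."""
    found = risky_tags(allowed_tags)
    affected = bool(found) and parse_version(version) < FIXED_IN
    return affected, sorted(found)


if __name__ == "__main__":
    # Constructed sample configurations: (installed version, allowed tags)
    samples = [
        ("3.1.0", ["p", "a", "noscript", "style"]),
        ("3.1.0", ["p", "a", "noscript"]),
        ("3.1.1", ["noscript", "style"]),
    ]
    for version, tags in samples:
        affected, found = audit(version, tags)
        status = "AFFECTED" if affected else "ok"
        print(f"{version:8} {status:9} raw tags with noscript: {found}")
```

A configuration that still allows noscript together with a raw tag on a fixed version is reported with `affected` false but a non-empty tag list, which is worth reviewing since the upstream workaround is to not allow that combination.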