{"id":"MGASA-2021-0038","summary":"Updated python-lxml packages fix a security vulnerability","details":"A XSS vulnerability was discovered in python-lxml's clean module. The module's\nparser didn't properly imitate browsers, which caused different behaviors\nbetween the sanitizer and the user's page. A remote attacker could exploit\nthis flaw to run arbitrary HTML/JS code. (CVE-2020-27783).\n","modified":"2026-04-16T00:09:45.947023938Z","published":"2021-01-17T16:07:01Z","upstream":["CVE-2020-27783"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0038.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=27685"},{"type":"WEB","url":"https://www.debian.org/lts/security/2020/dla-2467"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4666-1"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK/"}],"affected":[{"package":{"name":"python-lxml","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/python-lxml?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.3.0-1.2.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0038.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}