{"id":"PYSEC-2018-51","details":"An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.","aliases":["CVE-2018-7753","GHSA-m9mq-p2f9-cfqv"],"modified":"2023-11-01T04:49:36.034014Z","published":"2018-03-07T23:29:00Z","references":[{"type":"WEB","url":"https://github.com/mozilla/bleach/releases/tag/v2.1.3"},{"type":"FIX","url":"https://github.com/mozilla/bleach/commit/c5df5789ec3471a31311f42c2d19fc2cf21b35ef"},{"type":"WEB","url":"https://bugs.debian.org/892252"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-m9mq-p2f9-cfqv"}],"affected":[{"package":{"name":"bleach","ecosystem":"PyPI","purl":"pkg:pypi/bleach"},"ranges":[{"type":"GIT","repo":"https://github.com/mozilla/bleach","events":[{"introduced":"0"},{"fixed":"c5df5789ec3471a31311f42c2d19fc2cf21b35ef"}]},{"type":"ECOSYSTEM","events":[{"introduced":"2.1"},{"fixed":"2.1.3"}]}],"versions":["2.1","2.1.1","2.1.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/bleach/PYSEC-2018-51.yaml"}}],"schema_version":"1.7.3"}