{"id":"PYSEC-2021-849","details":"The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.","aliases":["CVE-2021-42576","GHSA-x95h-979x-cf3j","GO-2022-0588"],"modified":"2023-11-01T04:56:39.149941Z","published":"2021-10-18T15:15:00Z","references":[{"type":"WEB","url":"https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/"},{"type":"PACKAGE","url":"https://pypi.org/project/pybluemonday"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42576"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-x95h-979x-cf3j"}],"affected":[{"package":{"name":"pybluemonday","ecosystem":"PyPI","purl":"pkg:pypi/pybluemonday"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.0.8"}]}],"versions":["0.0.1","0.0.2","0.0.3","0.0.4","0.0.5","0.0.6","0.0.7"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pybluemonday/PYSEC-2021-849.yaml"}}],"schema_version":"1.7.3"}