Vulnerability Description
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mistune Project | Mistune | < 0.8.1 |
| Fedoraproject | Fedora | 26 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1524596 (Issue Tracking, Third Party Advisory, VDB Entry)
- https://github.com/lepture/mistune/blob/master/CHANGES.rst (Release Notes, Third Party Advisory)
- https://github.com/lepture/mistune/commit/5f06d724bc05580e7f203db2d4a4905fc1127f (Patch, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2017-16876?
CVE-2017-16876 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape th...
How severe is CVE-2017-16876?
CVE-2017-16876 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-16876?
Check the references section above for vendor advisories and patch information. Affected products include: Mistune Project Mistune, Fedoraproject Fedora.