Vulnerability Description
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microco | Bluemonday | < 1.0.16 |
| Python | Pybluemonday | < 0.0.8 |
References
- https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/ExploitThird Party Advisory
- https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/ExploitThird Party Advisory
FAQ
What is CVE-2021-42576?
CVE-2021-42576 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
How severe is CVE-2021-42576?
CVE-2021-42576 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-42576?
Check the references section above for vendor advisories and patch information. Affected products include: Microco Bluemonday, Python Pybluemonday.