CVE-2021-29272
Summary
| CVE | CVE-2021-29272 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-03-27 18:15:00 UTC |
|---|
| Updated | 2021-06-04 19:08:00 UTC |
|---|
| Description | bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Application |
Microco |
Bluemonday |
All |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| vuln.ryotak.me/advisories/4.txt |
MISC |
vuln.ryotak.me |
|
| Advisory #4 - RyotaK's Vuln DB |
MISC |
vuln.ryotak.me |
|
| Release Fix regression that permitted script tags to be injected · microcosm-cc/bluemonday · GitHub |
MISC |
github.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 500969 Alpine Linux Security Update for gitea
- 501563 Alpine Linux Security Update for gitea
- 982550 Go (go) Security Update for github.com/microcosm-cc/bluemonday (GHSA-3x58-xr87-2fcj)
