CVE-2020-6816

Name
CVE-2020-6816
Description
In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Third Party Advisory https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743
Exploit https://www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleach
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EDQU2SZLZMSSACCBUBJ6NOSRNNBDYFW5/
MISC https://advisory.checkmarx.net/advisory/CX-2020-4277

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:mozilla:bleach:*:*:*:*:*:*:*:* bleach >= None < 3.1.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status