PT-2018-18257 · None+1 · Bleach+1

Willkg

Publicado

2018-03-07

Atualizado

2026-03-05

CVE-2018-7753

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Bleach versions 2.1.x before 2.1.3

Description: An issue was discovered where attributes with URI values were not properly sanitized if the values contained character entities. This allowed for the construction of a URI value with a scheme that was not allowed to bypass sanitization.

Recommendations: For versions 2.1.x before 2.1.3, update to version 2.1.3 to resolve the issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2018-7753

GHSA-M9MQ-P2F9-CFQV

OPENSUSE-SU-2024:11219-1

OPENSUSE-SU-2024:14134-1

PYSEC-2018-51

USN-8077-1

Produtos afetados

Bleach

Ubuntu

PT-2018-18257 · None+1 · Bleach+1

CVE-2018-7753

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 28