PT-2020-7757 · Bleach · Bleach
Published 2020-09-01 · Updated 2020-09-01 · CVE-2014-8881
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
bleach (affected versions not specified)
Description
The issue concerns a regular expression denial of service attack that can occur when certain types of input are passed into the sanitize function.
Recommendations
To mitigate this issue, consider using an alternative module that is actively maintained and provides similar functionality.
As a temporary workaround, consider restricting the use of the sanitize function until an alternative solution is implemented.
Fix
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
Bleach