Improper Policy Enforcement in bluemonday Sanitizer for Go and Python

CVE-2021-42576 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
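To check whether a project pins an affected release, the following added example (not code from the bluemonday project or from this advisory) scans go.mod or requirements.txt text for versions below the fixed ones named above. It assumes the Go module path github.com/microcosm-cc/bluemonday and the PyPI name pybluemonday, handles only exact `==` pins on the Python side, and uses constructed sample manifests.

```python
import re

# Fixed releases as stated in the advisory text.
FIXED = {
    "github.com/microcosm-cc/bluemonday": (1, 0, 16),  # Go module path (assumed)
    "pybluemonday": (0, 0, 8),                          # PyPI package name
}

# go.mod:           "[require] <module> vX.Y.Z[-prerelease]"
# requirements.txt: "<package>==X.Y.Z"
PIN = re.compile(
    r"^\s*(?:require\s+)?"
    r"(github\.com/microcosm-cc/bluemonday|pybluemonday)"
    r"(?:\s+v|\s*==\s*)(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?",
    re.IGNORECASE,
)

def find_affected(manifest_text):
    """Return [(line_no, package, version)] for pins older than the fixed release."""
    hits = []
    for line_no, line in enumerate(manifest_text.splitlines(), 1):
        m = PIN.match(line)  # commented-out lines do not match the anchored pattern
        if not m:
            continue
        package = m.group(1).lower()
        version = tuple(int(m.group(i)) for i in (2, 3, 4))
        suffix = m.group(5) or ""
        # A pre-release or Go pseudo-version (vX.Y.Z-...) sorts before vX.Y.Z itself.
        rank = version + ((0,) if suffix else (1,))
        if rank < FIXED[package] + (1,):
            hits.append((line_no, package, ".".join(map(str, version)) + suffix))
    return hits

# Constructed sample manifests, not taken from any real project.
SAMPLE_GO_MOD = """\
module example.com/app

go 1.17

require (
    github.com/microcosm-cc/bluemonday v1.0.15
    github.com/gorilla/mux v1.8.0
)
"""
SAMPLE_REQUIREMENTS = "flask==2.0.2\npybluemonday==0.0.7\n"

if __name__ == "__main__":
    for name, text in (("go.mod", SAMPLE_GO_MOD), ("requirements.txt", SAMPLE_REQUIREMENTS)):
        for line_no, package, version in find_affected(text):
            print(f"{name}:{line_no}: {package} {version} is affected by CVE-2021-42576")
```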
