Impact
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS).

Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Patches
3.1.4

Workarounds
- do not whitelist the style attribute in bleach.clean calls
- limit input string length

References

Credits
- Reported by schwag09 of r2c

For more information
If you have any questions or comments about this advisory:
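The two workarounds in this advisory (never whitelisting style, and capping input length), as an added example that is not bleach's own code: a wrapper that strips `style` from any allowed-attribute specification before it reaches bleach.clean and rejects overlong input before parsing starts. The wrapper name, the helper and the length limit are this example's assumptions.

```python
"""Defensive wrapper around bleach.clean applying the advisory's workarounds:
never allow the ``style`` attribute and cap input length before sanitising."""
from typing import Callable, Dict, List, Union

# Upper bound on untrusted input handed to bleach.clean (value chosen for this example).
DEFAULT_MAX_LEN = 10_000

# bleach accepts a list of attribute names, a dict of tag -> attribute names,
# or a callable ``(tag, name, value) -> bool``.
AttrSpec = Union[List[str], Dict[str, List[str]], Callable[[str, str, str], bool]]


def strip_style_attribute(attributes: AttrSpec) -> AttrSpec:
    """Return a copy of a bleach ``attributes`` specification with ``style`` removed."""
    if callable(attributes):
        # Wrap the caller's filter so it can never admit a style attribute.
        def no_style(tag: str, name: str, value: str) -> bool:
            return name != "style" and attributes(tag, name, value)
        return no_style
    if isinstance(attributes, dict):
        return {tag: [a for a in names if a != "style"] for tag, names in attributes.items()}
    return [a for a in attributes if a != "style"]


def safe_clean(text: str, tags: List[str], attributes: AttrSpec,
               max_len: int = DEFAULT_MAX_LEN) -> str:
    """Sanitise ``text`` with bleach.clean, refusing overlong input and style attributes."""
    if len(text) > max_len:
        # Reject before any parsing happens so unbounded input never reaches
        # the style-attribute regex described in the advisory.
        raise ValueError(f"input of {len(text)} chars exceeds limit of {max_len}")
    import bleach  # imported here so the helper above works without bleach installed
    return bleach.clean(text, tags=tags, attributes=strip_style_attribute(attributes))
```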