Advisories ยป MGASA-2018-0497

Updated python-lxml packages fix security vulnerability

Publication date: 31 Dec 2018
Modification date: 31 Dec 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-19787

Description

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the
lxml.html.clean module does not remove javascript: URLs that use
escaping, allowing a remote attacker to conduct XSS attacks, as
demonstrated by "j a v a s c r i p t:" in Internet Explorer
(CVE-2018-19787).
                

References

SRPMS

6/core