package/python-markdown2: fix CVE-2020-11888 (544007dc) · Commits · Arm Reference Solutions / buildroot

Commit 544007dc authored May 11, 2020 by Fabrice Fontaine Committed by Peter Korsgaard May 12, 2020

package/python-markdown2: fix CVE-2020-11888

python-markdown2 through 2.3.8 allows XSS because element names are
mishandled unless a \w+ match succeeds. For example, an attack might use
elementname@ or elementname- with an onclick attribute.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

parent 2f3fc105

Hide whitespace changes

Inline Side-by-side

Please register or to comment