[Python-modules-team] Bug#955388: src:python-bleach: Regular expression denial of service (CVE-2020-6817)
Scott Kitterman
scott at kitterman.com
Tue Mar 31 00:05:29 BST 2020
Package: src:python-bleach
Version: 3.1.2-0+deb10u1
Severity: important
Tags: security
Once again with a python-bleach security issue...
https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm
Title
regular expression denial-of-service (ReDoS) in BleachSanitizerFilter.sanitize_css gauntlet regular expression
Impact
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS).
Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).
Fixed In
3.1.4
Workarounds
do not whitelist the style attribute in bleach.clean calls
limit input string length
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1623633
https://www.regular-expressions.info/redos.html
https://blog.r2c.dev/posts/finding-python-redos-bugs-at-scale-using-dlint-and-r2c/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6817
More information about the Python-modules-team
mailing list