| Bug ID | 1168280 |
|---|---|
| Summary | VUL-0: CVE-2020-6817: python-bleach: Regular expression denial of service in BleachSanitizerFilter.sanitize_css |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 15.1 |
| Hardware | Other |
| URL | https://smash.suse.de/issue/256206/ |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | dmueller@suse.com |
| Reporter | atoptsoglou@suse.com |
| QA Contact | security-team@suse.de |
| Found By | Security Response Team |
| Blocker | --- |
CVE-2020-6817
bleach.clean behavior parsing style attributes could result in a regular
expression denial of service (ReDoS).
Calls to bleach.clean with an allowed tag with an allowed style attribute are
vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a':
['style']}).
Workarounds:
do not whitelist the style attribute in bleach.clean calls
limit input string length
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1623633
https://www.regular-expressions.info/redos.html
https://blog.r2c.dev/posts/finding-python-redos-bugs-at-scale-using-dlint-and-r2c/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6817
https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm