CVE-2024-34078

CVSS V2 None CVSS V3 None
Description
html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typographic_whitespace=False` (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has been fixed in 2.4.2.
Overview
  • CVE ID
  • CVE-2024-34078
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-05-06T14:48:47.506Z
  • Last Modified Date
  • 2024-06-04T17:41:44.888Z
History
Created Old Value New Value Data Type Notes
2024-06-26 14:42:32 Added to TrackCVE