Reflected cross-site scripting (XSS) in py3-lxml
Description
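Insufficient validation in py3-lxml allows reflected cross-site scripting (XSS). This page gives no further technical detail; see the upstream pull request, commits and vendor advisories under References.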
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
alpine v3.17 | =2.2.6-r0 || =2.2.8-r0 || =2.2.8-r1 || =2.3.4-r1 || =2.3.5-r0 || =3.1.0-r0 || =3.2.3-r0 || =3.3.2-r0 || =3.4.0-r0 || =3.4.4-r0 || =3.5.0-r0 || =3.6.0-r0 || =3.6.0-r1 || =3.6.4-r0 || =3.7.1-r0 || =3.7.2-r0 || =3.7.2-r1 || =3.8.0-r0 || =4.0.0-r0 || =4.1.0-r0 || =4.1.0-r1 || =4.1.1-r0 || =4.2.0-r0 || =4.2.1-r0 || =4.2.2-r0 || =4.2.3-r0 || =4.2.4-r0 || =4.2.5-r0 || =4.3.2-r0 || =4.3.3-r0 || =4.3.3-r1 || =4.3.4-r0 || =4.4.0-r0 || =4.4.1-r0 || =4.4.1-r1 || =4.4.1-r2 || =4.4.1-r3 || =4.4.2-r0 || =4.4.3-r0 || =4.5.0-r0 || =4.5.1-r0 || =4.5.2-r0 || =4.6.0-r0 || =4.6.1-r0 || =4.6.2-r0 || >=0 <4.6.3-r0 | 4.6.3-r0 | |
alpine v3.18 | =2.2.6-r0 || =2.2.8-r0 || =2.2.8-r1 || =2.3.4-r1 || =2.3.5-r0 || =3.1.0-r0 || =3.2.3-r0 || =3.3.2-r0 || =3.4.0-r0 || =3.4.4-r0 || =3.5.0-r0 || =3.6.0-r0 || =3.6.0-r1 || =3.6.4-r0 || =3.7.1-r0 || =3.7.2-r0 || =3.7.2-r1 || =3.8.0-r0 || =4.0.0-r0 || =4.1.0-r0 || =4.1.0-r1 || =4.1.1-r0 || =4.2.0-r0 || =4.2.1-r0 || =4.2.2-r0 || =4.2.3-r0 || =4.2.4-r0 || =4.2.5-r0 || =4.3.2-r0 || =4.3.3-r0 || =4.3.3-r1 || =4.3.4-r0 || =4.4.0-r0 || =4.4.1-r0 || =4.4.1-r1 || =4.4.1-r2 || =4.4.1-r3 || =4.4.2-r0 || =4.4.3-r0 || =4.5.0-r0 || =4.5.1-r0 || =4.5.2-r0 || =4.6.0-r0 || =4.6.1-r0 || =4.6.2-r0 || >=0 <4.6.3-r0 | 4.6.3-r0 | |
debian 13 | >=0 <4.6.3-1 | 4.6.3-1 | |
alpine v3.19 | =2.2.6-r0 || =2.2.8-r0 || =2.2.8-r1 || =2.3.4-r1 || =2.3.5-r0 || =3.1.0-r0 || =3.2.3-r0 || =3.3.2-r0 || =3.4.0-r0 || =3.4.4-r0 || =3.5.0-r0 || =3.6.0-r0 || =3.6.0-r1 || =3.6.4-r0 || =3.7.1-r0 || =3.7.2-r0 || =3.7.2-r1 || =3.8.0-r0 || =4.0.0-r0 || =4.1.0-r0 || =4.1.0-r1 || =4.1.1-r0 || =4.2.0-r0 || =4.2.1-r0 || =4.2.2-r0 || =4.2.3-r0 || =4.2.4-r0 || =4.2.5-r0 || =4.3.2-r0 || =4.3.3-r0 || =4.3.3-r1 || =4.3.4-r0 || =4.4.0-r0 || =4.4.1-r0 || =4.4.1-r1 || =4.4.1-r2 || =4.4.1-r3 || =4.4.2-r0 || =4.4.3-r0 || =4.5.0-r0 || =4.5.1-r0 || =4.5.2-r0 || =4.6.0-r0 || =4.6.1-r0 || =4.6.2-r0 || >=0 <4.6.3-r0 | 4.6.3-r0 | |
debian 11 | >=0 <4.6.3-1 | 4.6.3-1 | |
pypi | >=0 <4.6.3 | 4.6.3 | |
alpine v3.16 | =2.2.6-r0 || =2.2.8-r0 || =2.2.8-r1 || =2.3.4-r1 || =2.3.5-r0 || =3.1.0-r0 || =3.2.3-r0 || =3.3.2-r0 || =3.4.0-r0 || =3.4.4-r0 || =3.5.0-r0 || =3.6.0-r0 || =3.6.0-r1 || =3.6.4-r0 || =3.7.1-r0 || =3.7.2-r0 || =3.7.2-r1 || =3.8.0-r0 || =4.0.0-r0 || =4.1.0-r0 || =4.1.0-r1 || =4.1.1-r0 || =4.2.0-r0 || =4.2.1-r0 || =4.2.2-r0 || =4.2.3-r0 || =4.2.4-r0 || =4.2.5-r0 || =4.3.2-r0 || =4.3.3-r0 || =4.3.3-r1 || =4.3.4-r0 || =4.4.0-r0 || =4.4.1-r0 || =4.4.1-r1 || =4.4.1-r2 || =4.4.1-r3 || =4.4.2-r0 || =4.4.3-r0 || =4.5.0-r0 || =4.5.1-r0 || =4.5.2-r0 || =4.6.0-r0 || =4.6.1-r0 || =4.6.2-r0 || >=0 <4.6.3-r0 | 4.6.3-r0 | |
alpine v3.20 | =2.2.6-r0 || =2.2.8-r0 || =2.2.8-r1 || =2.3.4-r1 || =2.3.5-r0 || =3.1.0-r0 || =3.2.3-r0 || =3.3.2-r0 || =3.4.0-r0 || =3.4.4-r0 || =3.5.0-r0 || =3.6.0-r0 || =3.6.0-r1 || =3.6.4-r0 || =3.7.1-r0 || =3.7.2-r0 || =3.7.2-r1 || =3.8.0-r0 || =4.0.0-r0 || =4.1.0-r0 || =4.1.0-r1 || =4.1.1-r0 || =4.2.0-r0 || =4.2.1-r0 || =4.2.2-r0 || =4.2.3-r0 || =4.2.4-r0 || =4.2.5-r0 || =4.3.2-r0 || =4.3.3-r0 || =4.3.3-r1 || =4.3.4-r0 || =4.4.0-r0 || =4.4.1-r0 || =4.4.1-r1 || =4.4.1-r2 || =4.4.1-r3 || =4.4.2-r0 || =4.4.3-r0 || =4.5.0-r0 || =4.5.1-r0 || =4.5.2-r0 || =4.6.0-r0 || =4.6.1-r0 || =4.6.2-r0 || >=0 <4.6.3-r0 | 4.6.3-r0 | |
alpine v3.21 | =2.2.6-r0 || =2.2.8-r0 || =2.2.8-r1 || =2.3.4-r1 || =2.3.5-r0 || =3.1.0-r0 || =3.2.3-r0 || =3.3.2-r0 || =3.4.0-r0 || =3.4.4-r0 || =3.5.0-r0 || =3.6.0-r0 || =3.6.0-r1 || =3.6.4-r0 || =3.7.1-r0 || =3.7.2-r0 || =3.7.2-r1 || =3.8.0-r0 || =4.0.0-r0 || =4.1.0-r0 || =4.1.0-r1 || =4.1.1-r0 || =4.2.0-r0 || =4.2.1-r0 || =4.2.2-r0 || =4.2.3-r0 || =4.2.4-r0 || =4.2.5-r0 || =4.3.2-r0 || =4.3.3-r0 || =4.3.3-r1 || =4.3.4-r0 || =4.4.0-r0 || =4.4.1-r0 || =4.4.1-r1 || =4.4.1-r2 || =4.4.1-r3 || =4.4.2-r0 || =4.4.3-r0 || =4.5.0-r0 || =4.5.1-r0 || =4.5.2-r0 || =4.6.0-r0 || =4.6.1-r0 || =4.6.2-r0 || >=0 <4.6.3-r0 | 4.6.3-r0 | |
alpine v3.22 | =2.2.6-r0 || =2.2.8-r0 || =2.2.8-r1 || =2.3.4-r1 || =2.3.5-r0 || =3.1.0-r0 || =3.2.3-r0 || =3.3.2-r0 || =3.4.0-r0 || =3.4.4-r0 || =3.5.0-r0 || =3.6.0-r0 || =3.6.0-r1 || =3.6.4-r0 || =3.7.1-r0 || =3.7.2-r0 || =3.7.2-r1 || =3.8.0-r0 || =4.0.0-r0 || =4.1.0-r0 || =4.1.0-r1 || =4.1.1-r0 || =4.2.0-r0 || =4.2.1-r0 || =4.2.2-r0 || =4.2.3-r0 || =4.2.4-r0 || =4.2.5-r0 || =4.3.2-r0 || =4.3.3-r0 || =4.3.3-r1 || =4.3.4-r0 || =4.4.0-r0 || =4.4.1-r0 || =4.4.1-r1 || =4.4.1-r2 || =4.4.1-r3 || =4.4.2-r0 || =4.4.3-r0 || =4.5.0-r0 || =4.5.1-r0 || =4.5.2-r0 || =4.6.0-r0 || =4.6.1-r0 || =4.6.2-r0 || >=0 <4.6.3-r0 | 4.6.3-r0 |
Showing entries 1–10 of 21; the remaining 11 rows of the affected-versions table are not included here.
Aliases
References
1. https://github.com/lxml/lxml/pull/316
2. https://github.com/lxml/lxml/pull/316/commits/10ec1b4e9f93713513a3264ed6158af22492f270
3. https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d
4. https://github.com/lxml/lxml/commit/a5f9cb52079dc57477c460dbe6ba0f775e14a999
5. https://www.oracle.com/security-alerts/cpuoct2021.html
6. https://www.debian.org/security/2021/dsa-4880
7. https://security.netapp.com/advisory/ntap-20210521-0004
8. https://pypi.org/project/lxml
9. https://lists.fedoraproject.org/archives/list/[email protected]/message/XXN3QPWCTQVOGW4BMWV3AUUZZ4NRZNSQ
10. https://lists.fedoraproject.org/archives/list/[email protected]/message/3C2R44VDUY7FJVMAVRZ2WY7XYL4SVN45
11. https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2021-19.yaml
12. https://bugs.launchpad.net/lxml/+bug/1888153