Fluid Attacks Database

Description

cross-site scripting

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	lxml	>=0 <4.6.2	4.6.2
alpine v3.18	py3-lxml	=2.2.6-r0 \|\| =2.2.8-r0 \|\| =2.2.8-r1 \|\| =2.3.4-r1 \|\| =2.3.5-r0 \|\| =3.1.0-r0 \|\| =3.2.3-r0 \|\| =3.3.2-r0 \|\| =3.4.0-r0 \|\| =3.4.4-r0 \|\| =3.5.0-r0 \|\| =3.6.0-r0 \|\| =3.6.0-r1 \|\| =3.6.4-r0 \|\| =3.7.1-r0 \|\| =3.7.2-r0 \|\| =3.7.2-r1 \|\| =3.8.0-r0 \|\| =4.0.0-r0 \|\| =4.1.0-r0 \|\| =4.1.0-r1 \|\| =4.1.1-r0 \|\| =4.2.0-r0 \|\| =4.2.1-r0 \|\| =4.2.2-r0 \|\| =4.2.3-r0 \|\| =4.2.4-r0 \|\| =4.2.5-r0 \|\| =4.3.2-r0 \|\| =4.3.3-r0 \|\| =4.3.3-r1 \|\| =4.3.4-r0 \|\| =4.4.0-r0 \|\| =4.4.1-r0 \|\| =4.4.1-r1 \|\| =4.4.1-r2 \|\| =4.4.1-r3 \|\| =4.4.2-r0 \|\| =4.4.3-r0 \|\| =4.5.0-r0 \|\| =4.5.1-r0 \|\| =4.5.2-r0 \|\| =4.6.0-r0 \|\| =4.6.1-r0 \|\| >=0 <4.6.2-r0	4.6.2-r0
debian 13	lxml	>=0 <4.6.2-1	4.6.2-1
alpine v3.16	py3-lxml	=2.2.6-r0 \|\| =2.2.8-r0 \|\| =2.2.8-r1 \|\| =2.3.4-r1 \|\| =2.3.5-r0 \|\| =3.1.0-r0 \|\| =3.2.3-r0 \|\| =3.3.2-r0 \|\| =3.4.0-r0 \|\| =3.4.4-r0 \|\| =3.5.0-r0 \|\| =3.6.0-r0 \|\| =3.6.0-r1 \|\| =3.6.4-r0 \|\| =3.7.1-r0 \|\| =3.7.2-r0 \|\| =3.7.2-r1 \|\| =3.8.0-r0 \|\| =4.0.0-r0 \|\| =4.1.0-r0 \|\| =4.1.0-r1 \|\| =4.1.1-r0 \|\| =4.2.0-r0 \|\| =4.2.1-r0 \|\| =4.2.2-r0 \|\| =4.2.3-r0 \|\| =4.2.4-r0 \|\| =4.2.5-r0 \|\| =4.3.2-r0 \|\| =4.3.3-r0 \|\| =4.3.3-r1 \|\| =4.3.4-r0 \|\| =4.4.0-r0 \|\| =4.4.1-r0 \|\| =4.4.1-r1 \|\| =4.4.1-r2 \|\| =4.4.1-r3 \|\| =4.4.2-r0 \|\| =4.4.3-r0 \|\| =4.5.0-r0 \|\| =4.5.1-r0 \|\| =4.5.2-r0 \|\| =4.6.0-r0 \|\| =4.6.1-r0 \|\| >=0 <4.6.2-r0	4.6.2-r0
alpine v3.21	py3-lxml	=2.2.6-r0 \|\| =2.2.8-r0 \|\| =2.2.8-r1 \|\| =2.3.4-r1 \|\| =2.3.5-r0 \|\| =3.1.0-r0 \|\| =3.2.3-r0 \|\| =3.3.2-r0 \|\| =3.4.0-r0 \|\| =3.4.4-r0 \|\| =3.5.0-r0 \|\| =3.6.0-r0 \|\| =3.6.0-r1 \|\| =3.6.4-r0 \|\| =3.7.1-r0 \|\| =3.7.2-r0 \|\| =3.7.2-r1 \|\| =3.8.0-r0 \|\| =4.0.0-r0 \|\| =4.1.0-r0 \|\| =4.1.0-r1 \|\| =4.1.1-r0 \|\| =4.2.0-r0 \|\| =4.2.1-r0 \|\| =4.2.2-r0 \|\| =4.2.3-r0 \|\| =4.2.4-r0 \|\| =4.2.5-r0 \|\| =4.3.2-r0 \|\| =4.3.3-r0 \|\| =4.3.3-r1 \|\| =4.3.4-r0 \|\| =4.4.0-r0 \|\| =4.4.1-r0 \|\| =4.4.1-r1 \|\| =4.4.1-r2 \|\| =4.4.1-r3 \|\| =4.4.2-r0 \|\| =4.4.3-r0 \|\| =4.5.0-r0 \|\| =4.5.1-r0 \|\| =4.5.2-r0 \|\| =4.6.0-r0 \|\| =4.6.1-r0 \|\| >=0 <4.6.2-r0	4.6.2-r0
alpine v3.22	py3-lxml	=2.2.6-r0 \|\| =2.2.8-r0 \|\| =2.2.8-r1 \|\| =2.3.4-r1 \|\| =2.3.5-r0 \|\| =3.1.0-r0 \|\| =3.2.3-r0 \|\| =3.3.2-r0 \|\| =3.4.0-r0 \|\| =3.4.4-r0 \|\| =3.5.0-r0 \|\| =3.6.0-r0 \|\| =3.6.0-r1 \|\| =3.6.4-r0 \|\| =3.7.1-r0 \|\| =3.7.2-r0 \|\| =3.7.2-r1 \|\| =3.8.0-r0 \|\| =4.0.0-r0 \|\| =4.1.0-r0 \|\| =4.1.0-r1 \|\| =4.1.1-r0 \|\| =4.2.0-r0 \|\| =4.2.1-r0 \|\| =4.2.2-r0 \|\| =4.2.3-r0 \|\| =4.2.4-r0 \|\| =4.2.5-r0 \|\| =4.3.2-r0 \|\| =4.3.3-r0 \|\| =4.3.3-r1 \|\| =4.3.4-r0 \|\| =4.4.0-r0 \|\| =4.4.1-r0 \|\| =4.4.1-r1 \|\| =4.4.1-r2 \|\| =4.4.1-r3 \|\| =4.4.2-r0 \|\| =4.4.3-r0 \|\| =4.5.0-r0 \|\| =4.5.1-r0 \|\| =4.5.2-r0 \|\| =4.6.0-r0 \|\| =4.6.1-r0 \|\| >=0 <4.6.2-r0	4.6.2-r0
debian 12	lxml	>=0 <4.6.2-1	4.6.2-1
debian 14	lxml	>=0 <4.6.2-1	4.6.2-1
alpine v3.17	py3-lxml	=2.2.6-r0 \|\| =2.2.8-r0 \|\| =2.2.8-r1 \|\| =2.3.4-r1 \|\| =2.3.5-r0 \|\| =3.1.0-r0 \|\| =3.2.3-r0 \|\| =3.3.2-r0 \|\| =3.4.0-r0 \|\| =3.4.4-r0 \|\| =3.5.0-r0 \|\| =3.6.0-r0 \|\| =3.6.0-r1 \|\| =3.6.4-r0 \|\| =3.7.1-r0 \|\| =3.7.2-r0 \|\| =3.7.2-r1 \|\| =3.8.0-r0 \|\| =4.0.0-r0 \|\| =4.1.0-r0 \|\| =4.1.0-r1 \|\| =4.1.1-r0 \|\| =4.2.0-r0 \|\| =4.2.1-r0 \|\| =4.2.2-r0 \|\| =4.2.3-r0 \|\| =4.2.4-r0 \|\| =4.2.5-r0 \|\| =4.3.2-r0 \|\| =4.3.3-r0 \|\| =4.3.3-r1 \|\| =4.3.4-r0 \|\| =4.4.0-r0 \|\| =4.4.1-r0 \|\| =4.4.1-r1 \|\| =4.4.1-r2 \|\| =4.4.1-r3 \|\| =4.4.2-r0 \|\| =4.4.3-r0 \|\| =4.5.0-r0 \|\| =4.5.1-r0 \|\| =4.5.2-r0 \|\| =4.6.0-r0 \|\| =4.6.1-r0 \|\| >=0 <4.6.2-r0	4.6.2-r0
alpine v3.19	py3-lxml	=2.2.6-r0 \|\| =2.2.8-r0 \|\| =2.2.8-r1 \|\| =2.3.4-r1 \|\| =2.3.5-r0 \|\| =3.1.0-r0 \|\| =3.2.3-r0 \|\| =3.3.2-r0 \|\| =3.4.0-r0 \|\| =3.4.4-r0 \|\| =3.5.0-r0 \|\| =3.6.0-r0 \|\| =3.6.0-r1 \|\| =3.6.4-r0 \|\| =3.7.1-r0 \|\| =3.7.2-r0 \|\| =3.7.2-r1 \|\| =3.8.0-r0 \|\| =4.0.0-r0 \|\| =4.1.0-r0 \|\| =4.1.0-r1 \|\| =4.1.1-r0 \|\| =4.2.0-r0 \|\| =4.2.1-r0 \|\| =4.2.2-r0 \|\| =4.2.3-r0 \|\| =4.2.4-r0 \|\| =4.2.5-r0 \|\| =4.3.2-r0 \|\| =4.3.3-r0 \|\| =4.3.3-r1 \|\| =4.3.4-r0 \|\| =4.4.0-r0 \|\| =4.4.1-r0 \|\| =4.4.1-r1 \|\| =4.4.1-r2 \|\| =4.4.1-r3 \|\| =4.4.2-r0 \|\| =4.4.3-r0 \|\| =4.5.0-r0 \|\| =4.5.1-r0 \|\| =4.5.2-r0 \|\| =4.6.0-r0 \|\| =4.6.1-r0 \|\| >=0 <4.6.2-r0	4.6.2-r0

1-10 of 19

Aliases

1. CVE-2020-277832. NVD-2020-277833. OSV-2020-277834. OSV-ALPINE-2020-277835. OSV-DEBIAN-2020-277836. GHSA-pgww-xf46-h92r7. GCVE-2020-277838. lists.debian.org9. SECURITY-CVE-2020-2778310. SECURITY-TRACKER-CVE-2020-27783

References

1. https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a72. https://www.oracle.com//security-alerts/cpujul2021.html3. https://www.debian.org/security/2020/dsa-48104. https://security.netapp.com/advisory/ntap-20210521-00035. https://pypi.org/project/lxml6. https://lists.fedoraproject.org/archives/list/[email protected]/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK7. https://lists.fedoraproject.org/archives/list/[email protected]/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL8. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK9. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL10. https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2020-62.yaml11. https://github.com/lxml/lxml12. https://bugzilla.redhat.com/show_bug.cgi?id=1901633

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.