Security Advisory

CVE-2024-34078

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-05-06 14:48:47
Last updated 2024-08-26 18:03:11
Assigner GitHub_M
State PUBLISHED

Description

html-sanitizer is an allowlist-based HTML cleaner. When `keep_typographic_whitespace=False` (the default) is used, the sanitizer normalizes Unicode to the NFKC form as the last step, after cleaning. Some Unicode characters normalize to chevrons (`<` and `>`), so specially crafted HTML can escape sanitization. The problem has been fixed in version 2.4.2.
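As an added illustration of the ordering flaw described above (example code, not the html-sanitizer project's own): a toy tag stripper stands in for the allowlist cleaner, the input is a constructed sample using fullwidth angle brackets, and the code shows that normalizing after cleaning leaks markup while normalizing first does not, plus a check defenders can run to flag chevron look-alikes before sanitization.

```python
import re
import unicodedata

# Constructed sample: fullwidth angle brackets (U+FF1C / U+FF1E) wrap text
# that only becomes an ordinary <b> element after NFKC normalization.
SAMPLE = "hello \uff1cb\uff1eworld\uff1c/b\uff1e"


def strip_tags(html: str) -> str:
    """Stand-in for an allowlist sanitizer: removes every ASCII-delimited tag."""
    return re.sub(r"<[^>]*>", "", html)


def sanitize_then_normalize(html: str) -> str:
    """Vulnerable order: clean first, then NFKC-normalize at the end.

    The cleaner never sees an ASCII '<', so nothing is removed; the
    normalization step then turns the look-alikes into real markup.
    """
    return unicodedata.normalize("NFKC", strip_tags(html))


def normalize_then_sanitize(html: str) -> str:
    """Hardened order: fold the text before the cleaner inspects it."""
    return strip_tags(unicodedata.normalize("NFKC", html))


def leaks_markup(text: str) -> bool:
    """True if sanitizer output still contains a raw chevron."""
    return "<" in text or ">" in text


def find_lookalikes(text: str) -> list:
    """Pre-sanitization check: non-ASCII characters whose NFKC form is '<' or '>'."""
    return sorted(
        {c for c in text if ord(c) > 0x7F
         and unicodedata.normalize("NFKC", c) in ("<", ">")}
    )


def chevron_lookalikes() -> list:
    """Enumerate every code point that NFKC folds to exactly '<' or '>'."""
    return sorted(chr(cp) for cp in range(0x80, 0x110000)
                  if unicodedata.normalize("NFKC", chr(cp)) in ("<", ">"))


if __name__ == "__main__":
    print(repr(sanitize_then_normalize(SAMPLE)))   # markup survives
    print(repr(normalize_then_sanitize(SAMPLE)))   # 'hello world'
    print(find_lookalikes(SAMPLE))
```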