dompurify vulnerable to Cross-site Scripting · GHSA-pgjv-jrg2-gq3v · GitHub Advisory Database · GitHub

dompurify vulnerable to Cross-site Scripting

Moderate severity GitHub Reviewed Published Jan 11, 2023 to the GitHub Advisory Database

Package

dompurify (pip)

Affected versions

< 2.2.2

Patched versions

2.2.2

Description

dompurify prior to version 2.2.2 is vulnerable to cross-site scripting when converting from SVG namespace.

References

Published to the GitHub Advisory Database Jan 11, 2023

Reviewed Jan 11, 2023