Bug 1558267 (CVE-2018-7753)

Summary: CVE-2018-7753 python-bleach: URI Scheme Restriction Bypass with character entities
Product: [Other] Security Response Reporter: Laura Pardo <lpardo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: mrunge
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: python-bleach 2.1.3 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-21 19:58:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1558268    
Bug Blocks:    

Description Laura Pardo 2018-03-19 23:29:24 UTC 
A flaw was found in python-bleach version 2.1. Affected versions of this package are vulnerable to URI Scheme Restriction Bypass. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.


References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892252

Patch:
https://github.com/mozilla/bleach/commit/c5df5789ec3471a31311f42c2d19fc2cf21b35ef
Comment 1 Laura Pardo 2018-03-19 23:30:29 UTC 
Created python-bleach tracking bugs for this issue:

Affects: fedora-26 [bug 1558268]