{"id":"PYSEC-2020-340","details":"In Mozilla Bleach before 3.1.4, the way `bleach.clean` parses style attributes could result in a regular expression denial of service (ReDoS).","aliases":["CVE-2020-6817","GHSA-vqhp-cxgc-6wmm","SNYK-PYTHON-BLEACH-561754"],"modified":"2023-11-08T04:03:57.176645Z","published":"2020-03-30T19:45:00Z","references":[{"type":"ADVISORY","url":"https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm"},{"type":"ARTICLE","url":"https://blog.r2c.dev/posts/finding-python-redos-bugs-at-scale-using-dlint-and-r2c/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1623633"},{"type":"WEB","url":"https://github.com/mozilla/bleach/releases/tag/v3.1.4"},{"type":"ADVISORY","url":"https://snyk.io/vuln/SNYK-PYTHON-BLEACH-561754"}],"affected":[{"package":{"name":"bleach","ecosystem":"PyPI","purl":"pkg:pypi/bleach"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.4"}]}],"versions":["0.1","0.1.1","0.1.2","0.2","0.2.1","0.2.2","0.3","0.3.1","0.3.3","0.3.4","0.5.0","0.5.1","1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.2","1.2.1","1.2.2","1.4","1.4.1","1.4.2","1.4.3","1.5.0","2.0.0","2.1","2.1.1","2.1.2","2.1.3","2.1.4","3.0.0","3.0.1","3.0.2","3.1.0","3.1.1","3.1.2","3.1.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/bleach/PYSEC-2020-340.yaml"}}],"schema_version":"1.7.3"}