CVE-2014-3146 (GCVE-0-2014-3146)
Vulnerability from cvelistv5 – Published: 2014-05-14 19:00 – Updated: 2024-08-06 10:35
Summary
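Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function. The NVD configuration data in this record marks lxml versions up to and including 3.3.4 as affected, so deployments that rely on clean_html to sanitize untrusted HTML should be on 3.3.5 or later.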
Severity ?
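No CVSS data available in the CNA record. The NVD enrichment embedded in this record gives a CVSS v2 base score of 4.3 (MEDIUM), vector AV:N/AC:M/Au:N/C:N/I:P/A:N, with user interaction required.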
CWE
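- n/a in the CNA record; the NVD evaluator comment in this record cites CWE-184 (Incomplete Blacklist), while NVD's weakness field is NVD-CWE-Other.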
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2941",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2941"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lxml.de/3.3/changes-3.3.5.html"
},
{
"name": "[oss-security] 20140509 Re: CVE request: python-lxml clean_html() input sanitization flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/09/7"
},
{
"name": "USN-2217-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2217-1"
},
{
"name": "[lxml] 20140415 lxml.html.clean vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html"
},
{
"name": "58744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58744"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0218.html"
},
{
"name": "67159",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67159"
},
{
"name": "MDVSA-2015:112",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:112"
},
{
"name": "58013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58013"
},
{
"name": "20140415 lxml (python lib) vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/210"
},
{
"name": "59008",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59008"
},
{
"name": "openSUSE-SU-2014:0735",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html"
},
{
"name": "20140430 Re: lxml (python lib) vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/319"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-28T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-2941",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2941"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lxml.de/3.3/changes-3.3.5.html"
},
{
"name": "[oss-security] 20140509 Re: CVE request: python-lxml clean_html() input sanitization flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/09/7"
},
{
"name": "USN-2217-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2217-1"
},
{
"name": "[lxml] 20140415 lxml.html.clean vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html"
},
{
"name": "58744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58744"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0218.html"
},
{
"name": "67159",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67159"
},
{
"name": "MDVSA-2015:112",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:112"
},
{
"name": "58013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58013"
},
{
"name": "20140415 lxml (python lib) vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/210"
},
{
"name": "59008",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59008"
},
{
"name": "openSUSE-SU-2014:0735",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html"
},
{
"name": "20140430 Re: lxml (python lib) vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/319"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3146",
"datePublished": "2014-05-14T19:00:00",
"dateReserved": "2014-05-02T00:00:00",
"dateUpdated": "2024-08-06T10:35:56.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.4\", \"matchCriteriaId\": \"FAAC1D54-E4B7-4212-A281-9AE313C7A9DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"299444A8-4017-4358-9B35-0A9C475E5FB2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:0.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C48BCC21-D20B-4390-870D-C88C9863D46B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"779553CC-B269-479D-8885-1251541AC8B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F73BEB9C-4F4F-4F63-81FF-0B65D6068DA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39876055-AAFD-4584-872E-044C111417B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25FD79CE-8C7C-4994-80D6-CA1E98C062EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:0.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C641DEEC-643D-48AA-A2BC-3066CD02D072\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:0.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C29C1834-7ADB-4444-B892-083CCA6FD0EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08F26EDB-5E1C-453A-8332-6DF4FD0627F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24F0DD2C-2836-4477-849A-F154C0BF37D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FD4F21D-D09A-488A-A457-2BB5589B6B31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": 
\"B9DFE602-6616-4369-9CA7-5C35FA80A4B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB0F6513-1D7F-48D8-820C-F78A7935BE8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F36E5C1-7DF3-4692-8FEE-F1007E57399B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:1.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4551FDBD-8975-4399-BD00-02EC03AD0CC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:1.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F067084A-72E9-4D45-8EB9-534F718FD11C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54021062-86DC-4B28-AD87-963F0C415798\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:1.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B01E478-3B3A-4B05-AEDC-6A404DB7803A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20751814-185B-489F-AD35-239EA168D293\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:1.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB0286DD-FDA3-4B31-B579-6FD68BF88B87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B56F992-FEE5-4EB0-BB5D-B55BC2A5CDCB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:1.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFEEE806-93A1-4683-9524-66B969E96D9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:1.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21DC60E8-18F6-414F-81A0-37EAEF9D73A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:1.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B693FE5-0F4F-441C-8D6D-B2B0C00F4784\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:1.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3319AB13-F589-44CA-8936-3A4D23C3C8E7\"}, {\"vulnerable\": true, \"criteria\": 
\"cpe:2.3:a:lxml:lxml:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCC3B496-51EE-41E0-B785-E9E4FA530116\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"041CED1D-1D91-4BAC-8182-BE5870ADFEB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F93A757-1B1A-4E69-89FD-B738F80C560D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E58E8C6-6979-4256-947C-887D7E3F611A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06AC5F6D-F72C-4D30-997D-0202D9CACA49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2AFA1D4-265D-4B72-B6A0-9F31F4612C33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A216360-8892-4118-96DE-77EB7D17CA51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A3513EB-8A8F-43AE-B079-AA5E27569CDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EDD3E4E-A3C0-4686-BD91-9B58CBC74DAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDDCFAEE-9C4B-4610-81A5-A5AD4420D579\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88206B3E-503D-4C9C-85A2-8E1FB720E962\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA9D682D-CF6B-43FB-A29D-50BC54FB3E99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.1:alpha1:*:*:*:*:*:*\", \"matchCriteriaId\": \"925AF6FD-EB7C-48EA-8747-5066103C58A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.1:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": 
\"940C521B-EF4D-4A90-B1E1-E52C9793D645\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.1:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3AB9E27-9017-4207-A66E-199CFD9EE4B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.1:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"8900D734-E782-4759-A4DD-D577A462042C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C66C8E1-EE4E-4462-8844-15995FD1FB93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9747A1D-D644-442B-B2AE-C8D962B187E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"777CB9D2-EACF-4F1A-B533-BFED0B27D214\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58001941-9E40-45D7-9892-C79B7A8F3720\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C7FE4FA-6C7C-4A3C-B2EE-C6B70C8A3F48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.2:alpha1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7E1DFA9-CC7B-4E9F-A2E4-0FE8DF536101\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.2:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B40A7ED8-0D71-430E-BCF1-640D816C0230\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.2:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"8790354C-5A4B-4CD3-ACB1-FE5AA0900281\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.2:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1B6857F-0990-4083-9876-5DDF5FA473B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.2:beta4:*:*:*:*:*:*\", \"matchCriteriaId\": \"049C39E8-4804-4048-9999-A1EAFD5B910B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C51525BB-5967-4C7F-9188-5E3895B3A2CB\"}, {\"vulnerable\": true, \"criteria\": 
\"cpe:2.3:a:lxml:lxml:2.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9DC336F-02E7-4E1C-A8EA-21DEE84A52F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD4FB16F-6BFA-4D2A-8D48-1A01154C3F85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00400181-FA11-49CE-B932-4F21A8278D81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6392F721-9F0D-4BBC-B392-A9C6F14F7F17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95F6166A-3856-451D-AFAA-56C5D09752D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE0D09BB-8796-40F1-8599-107B9C775C12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7550F3D6-4FCC-4AD5-A92D-D984A6824AB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.3:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"30EAB48D-A728-46FB-92B3-0B97CF85E72B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.3:alpha1:*:*:*:*:*:*\", \"matchCriteriaId\": \"127C133B-5022-46FB-9D6F-05FB2E83CA87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.3:alpha2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3E49A50-3861-4265-BB2B-ABEA50C6DE7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.3:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D72B1891-2E24-4DA7-B243-80306866F934\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDB6BCDC-7207-4895-8746-E40DDD1D5585\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F0D4EB6-5ED8-4018-A1FE-9BEB6D511830\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": 
\"627C0FA1-7425-4E6B-92C5-652D4F62ECAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70059F02-B63D-4583-8AD4-769BA648317F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC4FCBFB-632A-451E-8A17-C4A8F8A65AAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:2.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8763BB95-EBF9-40A1-908C-4207D87FE578\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC015741-8F99-4F3D-B3F6-07BF23A70DC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.0:alpha1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1A35DEE-2561-4B4A-BFE0-C443C70175BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.0:alpha2:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FBFD00B-5821-400E-A83C-FB0D1C26A4DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9AB7BA95-5BEC-4AC6-8F93-5D918D1B31D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDAEFE73-F873-4F48-A274-F6CCB40766DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1ED8D046-5701-4AD4-BFA6-D186AA596B26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.1:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"685D86D0-4A37-4B9B-BD70-C1127EA51907\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B72ABBA-9319-4BFE-8F3B-F6F36F64EB12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2684097-3082-4612-8E1B-5CA6D2E20E3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7981486F-129D-433B-A489-0AB90A2062E5\"}, {\"vulnerable\": true, \"criteria\": 
\"cpe:2.3:a:lxml:lxml:3.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45C3BB16-3D44-43E8-AEF5-3454495F0CC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD521388-6E28-427E-9086-79BCEDB1025F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BFA21DA-4807-496D-B63A-F95E6E9F39FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87B742D1-4838-4D48-A17A-386E0CF517B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1191E15-DC8D-4D2B-8563-10DFFF60CD51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BA34CA6-7309-490C-8DB7-7F051F9C3CDE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.3.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"E58C7CFD-0135-4D59-8D9D-A12A7BACF387\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.3.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FE30C26-028B-41A1-842C-1AF19E551F54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.3.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"188EA215-8ACA-482F-9283-6780E29B5F4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.3.0:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"738B75AC-0AFC-4108-88A1-80EC6D03FBD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.3.0:beta4:*:*:*:*:*:*\", \"matchCriteriaId\": \"99226ADA-A62E-4366-BDD1-1D33BDCA813F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.3.0:beta5:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F1E30E8-484C-4925-9B6F-DD266AC602B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02E0191B-661F-4C60-AC7F-68B95E730013\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": 
\"7922BC86-D318-404B-A39B-8AC9B1AF70BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lxml:lxml:3.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26BFDC2C-CAFE-4301-903F-31713885EB94\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de lista negra incompleta en el m\\u00f3dulo lxml.html.clean en lxml anterior a 3.3.5 permite a atacantes remotos realizar ataques de XSS a trav\\u00e9s de caracteres de control en la esquema de enlace hacia la funci\\u00f3n clean_html.\"}]",
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/184.html\n\n\"CWE-184: Incomplete Blacklist\"",
"id": "CVE-2014-3146",
"lastModified": "2024-11-21T02:07:32.220",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2014-05-14T19:55:11.653",
"references": "[{\"url\": \"http://advisories.mageia.org/MGASA-2014-0218.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lxml.de/3.3/changes-3.3.5.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Apr/210\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Apr/319\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/58013\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/58744\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/59008\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2014/dsa-2941\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:112\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2014/05/09/7\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/67159\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2217-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://advisories.mageia.org/MGASA-2014-0218.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lxml.de/3.3/changes-3.3.5.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Apr/210\", \"source\": 
\"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Apr/319\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/58013\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/58744\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/59008\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2014/dsa-2941\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:112\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2014/05/09/7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/67159\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2217-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2014-3146\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-05-14T19:55:11.653\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de lista negra incompleta en el m\u00f3dulo lxml.html.clean en lxml anterior a 3.3.5 permite a atacantes remotos realizar ataques de XSS a trav\u00e9s de caracteres de control en la esquema de enlace hacia la funci\u00f3n clean_html.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.4\",\"matchCriteriaId\":\"FAAC1D54-E4B7-4212-A281-9AE313C7A9DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"299444A8-4017-4358-9B35-0A9C475E5FB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:0.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C48BCC
21-D20B-4390-870D-C88C9863D46B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"779553CC-B269-479D-8885-1251541AC8B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F73BEB9C-4F4F-4F63-81FF-0B65D6068DA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39876055-AAFD-4584-872E-044C111417B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25FD79CE-8C7C-4994-80D6-CA1E98C062EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:0.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C641DEEC-643D-48AA-A2BC-3066CD02D072\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:0.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C29C1834-7ADB-4444-B892-083CCA6FD0EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08F26EDB-5E1C-453A-8332-6DF4FD0627F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24F0DD2C-2836-4477-849A-F154C0BF37D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FD4F21D-D09A-488A-A457-2BB5589B6B31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9DFE602-6616-4369-9CA7-5C35FA80A4B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB0F6513-1D7F-48D8-820C-F78A7935BE8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F36E5C1-7DF3-4692-8FEE-F1007E57399B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4551FDBD-8975-4399-BD00-02EC03AD0CC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F067084A-72E9-4D45-8EB9-534F718FD11C\"},{\"vulnerable\":tr
ue,\"criteria\":\"cpe:2.3:a:lxml:lxml:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54021062-86DC-4B28-AD87-963F0C415798\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B01E478-3B3A-4B05-AEDC-6A404DB7803A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20751814-185B-489F-AD35-239EA168D293\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB0286DD-FDA3-4B31-B579-6FD68BF88B87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B56F992-FEE5-4EB0-BB5D-B55BC2A5CDCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:1.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFEEE806-93A1-4683-9524-66B969E96D9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21DC60E8-18F6-414F-81A0-37EAEF9D73A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:1.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B693FE5-0F4F-441C-8D6D-B2B0C00F4784\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:1.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3319AB13-F589-44CA-8936-3A4D23C3C8E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCC3B496-51EE-41E0-B785-E9E4FA530116\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041CED1D-1D91-4BAC-8182-BE5870ADFEB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F93A757-1B1A-4E69-89FD-B738F80C560D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E58E8C6-6979-4256-947C-887D7E3F611A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06AC5F6D-F72C-4D30-997D-0202D9CACA49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.0.5:*:
*:*:*:*:*:*\",\"matchCriteriaId\":\"C2AFA1D4-265D-4B72-B6A0-9F31F4612C33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A216360-8892-4118-96DE-77EB7D17CA51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A3513EB-8A8F-43AE-B079-AA5E27569CDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EDD3E4E-A3C0-4686-BD91-9B58CBC74DAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDDCFAEE-9C4B-4610-81A5-A5AD4420D579\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88206B3E-503D-4C9C-85A2-8E1FB720E962\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA9D682D-CF6B-43FB-A29D-50BC54FB3E99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.1:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"925AF6FD-EB7C-48EA-8747-5066103C58A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.1:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"940C521B-EF4D-4A90-B1E1-E52C9793D645\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.1:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3AB9E27-9017-4207-A66E-199CFD9EE4B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.1:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"8900D734-E782-4759-A4DD-D577A462042C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C66C8E1-EE4E-4462-8844-15995FD1FB93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9747A1D-D644-442B-B2AE-C8D962B187E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"777CB9D2-EACF-4F1A-B533-BFED0B27D214\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.1.4:*:*:*:*:*:*:*\",\"matchCriteria
Id\":\"58001941-9E40-45D7-9892-C79B7A8F3720\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C7FE4FA-6C7C-4A3C-B2EE-C6B70C8A3F48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.2:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7E1DFA9-CC7B-4E9F-A2E4-0FE8DF536101\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.2:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40A7ED8-0D71-430E-BCF1-640D816C0230\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.2:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8790354C-5A4B-4CD3-ACB1-FE5AA0900281\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.2:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1B6857F-0990-4083-9876-5DDF5FA473B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.2:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"049C39E8-4804-4048-9999-A1EAFD5B910B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C51525BB-5967-4C7F-9188-5E3895B3A2CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9DC336F-02E7-4E1C-A8EA-21DEE84A52F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD4FB16F-6BFA-4D2A-8D48-1A01154C3F85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00400181-FA11-49CE-B932-4F21A8278D81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6392F721-9F0D-4BBC-B392-A9C6F14F7F17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95F6166A-3856-451D-AFAA-56C5D09752D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE0D09BB-8796-40F1-8599-107B9C775C12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7550F3D6-4FCC-4AD5-A92D-
D984A6824AB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"30EAB48D-A728-46FB-92B3-0B97CF85E72B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.3:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"127C133B-5022-46FB-9D6F-05FB2E83CA87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.3:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3E49A50-3861-4265-BB2B-ABEA50C6DE7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.3:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D72B1891-2E24-4DA7-B243-80306866F934\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDB6BCDC-7207-4895-8746-E40DDD1D5585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F0D4EB6-5ED8-4018-A1FE-9BEB6D511830\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"627C0FA1-7425-4E6B-92C5-652D4F62ECAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70059F02-B63D-4583-8AD4-769BA648317F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC4FCBFB-632A-451E-8A17-C4A8F8A65AAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:2.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8763BB95-EBF9-40A1-908C-4207D87FE578\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC015741-8F99-4F3D-B3F6-07BF23A70DC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1A35DEE-2561-4B4A-BFE0-C443C70175BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FBFD00B-5821-400E-A83C-FB0D1C26A4DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AB7BA95-5BEC-4AC6-8F93-5D918D1B31D0\"},{\"vulnerabl
e\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDAEFE73-F873-4F48-A274-F6CCB40766DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1ED8D046-5701-4AD4-BFA6-D186AA596B26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.1:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"685D86D0-4A37-4B9B-BD70-C1127EA51907\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B72ABBA-9319-4BFE-8F3B-F6F36F64EB12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2684097-3082-4612-8E1B-5CA6D2E20E3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7981486F-129D-433B-A489-0AB90A2062E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45C3BB16-3D44-43E8-AEF5-3454495F0CC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD521388-6E28-427E-9086-79BCEDB1025F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BFA21DA-4807-496D-B63A-F95E6E9F39FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87B742D1-4838-4D48-A17A-386E0CF517B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1191E15-DC8D-4D2B-8563-10DFFF60CD51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BA34CA6-7309-490C-8DB7-7F051F9C3CDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.3.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"E58C7CFD-0135-4D59-8D9D-A12A7BACF387\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.3.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FE30C26-028B-41A1-842C-1AF19E551F54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:
lxml:lxml:3.3.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"188EA215-8ACA-482F-9283-6780E29B5F4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.3.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"738B75AC-0AFC-4108-88A1-80EC6D03FBD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.3.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"99226ADA-A62E-4366-BDD1-1D33BDCA813F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.3.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F1E30E8-484C-4925-9B6F-DD266AC602B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02E0191B-661F-4C60-AC7F-68B95E730013\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7922BC86-D318-404B-A39B-8AC9B1AF70BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lxml:lxml:3.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26BFDC2C-CAFE-4301-903F-31713885EB94\"}]}]}],\"references\":[{\"url\":\"http://advisories.mageia.org/MGASA-2014-0218.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lxml.de/3.3/changes-3.3.5.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Apr/210\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Apr/319\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/58013\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"http://secunia.com/advisories/58744\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59008\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2014/dsa-2941\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:112\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2014/05/09/7\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/67159\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2217-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://advisories.mageia.org/MGASA-2014-0218.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lxml.de/3.3/changes-3.3.5.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Apr/210\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Apr/319\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/58013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"http://secunia.com/advisories/58744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59008\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2014/dsa-2941\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:112\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2014/05/09/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/67159\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2217-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}],\"evaluatorComment\":\"Per: http://cwe.mitre.org/data/definitions/184.html\\n\\n\\\"CWE-184: Incomplete Blacklist\\\"\"}}"
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.