v6.0.2 #224
rgrove announced in Announcements
Bug Fixes
CVE-2023-36823: Fixed an HTML+CSS sanitization bypass that could allow XSS (cross-site scripting). This issue affects Sanitize versions 3.0.0 through 6.0.1.
When using Sanitize's relaxed config or a custom config that allows <style> elements and one or more CSS at-rules, carefully crafted input could be used to sneak arbitrary HTML through Sanitize.
See the following security advisory for additional details: GHSA-f5ww-cq3m-q3g7
Thanks to @cure53 for finding this issue.
This discussion was created from the release v6.0.2.
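A triage check for the conditions described above, as an added example that is not part of the release note or Sanitize's own code: it reads the locked Sanitize version from Gemfile.lock text and tests a config hash for <style> plus at-rules. The `:css` at-rule key names are assumed from Sanitize's config documentation rather than taken from this page, and the lockfile and configs are constructed samples.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Affected range as stated in the release note: 3.0.0 through 6.0.1.
AFFECTED = Gem::Requirement.new(">= 3.0.0", "<= 6.0.1")
# :css keys that allow at-rules (assumed from Sanitize's config documentation).
AT_RULE_KEYS = %i[at_rules at_rules_with_properties at_rules_with_styles].freeze

# Resolved sanitize version from Gemfile.lock text, or nil. Spec lines are
# indented four spaces; dependency lines (six spaces) are ignored.
def locked_sanitize_version(lockfile_text)
  m = lockfile_text.match(/^ {4}sanitize \(([^)\s]+)\)$/)
  m && Gem::Version.new(m[1])
end

# True when the config allows <style> and at least one CSS at-rule.
def style_with_at_rules?(config)
  elements = Array(config[:elements]).map { |e| e.to_s.downcase }
  css = config[:css] || {}
  elements.include?("style") && AT_RULE_KEYS.any? { |k| !Array(css[k]).empty? }
end

def triage(lockfile_text, config)
  version = locked_sanitize_version(lockfile_text)
  return :sanitize_not_locked if version.nil?
  return :outside_affected_range unless AFFECTED.satisfied_by?(version)
  style_with_at_rules?(config) ? :affected_config_exposed : :affected_config_not_matching
end

# Constructed sample data (example-cms is a hypothetical gem).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      crass (1.0.6)
      example-cms (1.0.0)
        sanitize (~> 6.0)
      sanitize (6.0.1)
        crass (~> 1.0.2)
LOCK
STYLE_CONFIG = { elements: %w[p style], css: { at_rules_with_styles: %w[media] } }
PLAIN_CONFIG = { elements: %w[p a b], css: { properties: %w[color] } }

if __FILE__ == $PROGRAM_NAME
  puts triage(SAMPLE_LOCK, STYLE_CONFIG)
  puts triage(SAMPLE_LOCK, PLAIN_CONFIG)
end
```

A result of `:affected_config_not_matching` still means the locked version is inside the affected range; it only says the config condition named in the release note was not found in the hash that was checked.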