The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| pybluemonday (PyPI) | 0 | 0.0.8 | N/A |
| github.com/microcosm-cc/bluemonday (Go) | 0 | 1.0.16 | N/A |
CVSS Metrics