CVE-2020-6817 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-6817 Interim 1 20 2025-11-05T02:47:07Z current 2021-05-30T14:37:16Z 2025-11-05T02:47:07Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-6817 bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YFAKMJGUZHUTZ53ZAID6PRVP5MSLXPGV/ E-Mail link for openSUSE-SU-2021:0552-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UAZHEWM4ZYBZY5GDDDOMIZYEGFNANLKS/ E-Mail link for openSUSE-SU-2021:0571-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Python 3 15 SP6 SUSE Linux Enterprise Module for Python 3 15 SP6 SUSE Linux Enterprise Module for Python 3 15 SP6 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Module for Python 3 15 SP6 SUSE Package Hub 15 SP2 openSUSE Leap 15.2 openSUSE Tumbleweed python2-bleach-3.1.5-bp152.2.4.1 python2-bleach-3.1.5-lp152.2.3.1 python3-bleach-3.1.5-bp152.2.4.1 python3-bleach-3.1.5-lp152.2.3.1 python310-bleach-6.1.0-1.5 python311-bleach-6.0.0-150400.9.3.1 python311-bleach-6.1.0-1.5 python312-bleach-6.1.0-1.5 python313-bleach-6.2.0-160000.2.2 python36-bleach-3.3.0-1.4 python38-bleach-3.3.0-1.4 python39-bleach-3.3.0-1.4 python311-bleach-6.0.0-150400.9.3.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP6 python313-bleach-6.2.0-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 python2-bleach-3.1.5-bp152.2.4.1 as a component of SUSE Package Hub 15 SP2 python3-bleach-3.1.5-bp152.2.4.1 as a component of SUSE Package Hub 15 SP2 python2-bleach-3.1.5-lp152.2.3.1 as a component of openSUSE Leap 15.2 python3-bleach-3.1.5-lp152.2.3.1 as a component of openSUSE Leap 15.2 python310-bleach-6.1.0-1.5 as a component of openSUSE Tumbleweed python311-bleach-6.1.0-1.5 as a component of openSUSE Tumbleweed python312-bleach-6.1.0-1.5 as a component of openSUSE Tumbleweed python36-bleach-3.3.0-1.4 as a component of openSUSE Tumbleweed python38-bleach-3.3.0-1.4 as a component of openSUSE Tumbleweed python39-bleach-3.3.0-1.4 as a component of openSUSE Tumbleweed bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). CVE-2020-6817 SUSE Linux Enterprise Module for Python 3 15 SP6:python311-bleach-6.0.0-150400.9.3.1 SUSE Linux Enterprise Server 16.0:python313-bleach-6.2.0-160000.2.2 SUSE Package Hub 15 SP2:python2-bleach-3.1.5-bp152.2.4.1 SUSE Package Hub 15 SP2:python3-bleach-3.1.5-bp152.2.4.1 openSUSE Leap 15.2:python2-bleach-3.1.5-lp152.2.3.1 openSUSE Leap 15.2:python3-bleach-3.1.5-lp152.2.3.1 openSUSE Tumbleweed:python310-bleach-6.1.0-1.5 openSUSE Tumbleweed:python311-bleach-6.1.0-1.5 openSUSE Tumbleweed:python312-bleach-6.1.0-1.5 openSUSE Tumbleweed:python36-bleach-3.3.0-1.4 openSUSE Tumbleweed:python38-bleach-3.3.0-1.4 openSUSE Tumbleweed:python39-bleach-3.3.0-1.4 important 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H