Regular Expression Denial of Service Vulnerability in Bleach by Mozilla
CVE-2020-6817

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Mozilla Bleach
Vendor: CVE Published:; 16 February 2023

What is CVE-2020-6817?

A vulnerability in the Bleach library could allow attackers to exploit the parsing behavior of style attributes, potentially leading to a regular expression denial of service. When the bleach.clean function is utilized with specific allowed tags and style attributes, it may trigger unbounded backtracking in the regex, resulting in significant performance degradation or application crashes. This vulnerability poses a risk in scenarios where untrusted input can be processed by the bleach.clean method with specified attributes.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mozilla Bleach < 3.1.4

References

https://github.com/mozilla/bleach/security/advisories/GHS...

https://bugzilla.mozilla.org/show_bug.cgi?id=1623633

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Jan 10, 2020

JSON

Mozilla

What is CVE-2020-6817?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.