python-lxml (SUSE:Linux Enterprise Server for SAP Applications 15 SP2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server for SAP Applications 15 SP2 package python-lxml, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2021-43818 — CVSS 8.2 (high): lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain…
CVE-2022-2309 — CVSS 7.5 (high): NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together…
CVE-2018-19787 — CVSS 6.1 (medium): An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use…
CVE-2020-27783 — CVSS 6.1 (medium): A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused…
CVE-2021-28957 — CVSS 6.1 (medium): An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms…