CVE-2010-2480: Mako contains Cross-site Scripting vulnerability
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.
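The weakness described above is a matter of which characters the escaper covers. The pre-0.3.4 filter relied on `cgi.escape`, which encodes `&`, `<` and `>` and, only when asked, the double quote, but never the single quote; a value interpolated into a single-quoted attribute can therefore terminate that attribute. The following example is added here and is not Mako's code or the advisory's: it re-implements the legacy `cgi.escape` behaviour (the stdlib function is deprecated and removed in recent Python versions, so it is reconstructed rather than imported), places it beside `html.escape(..., quote=True)`, and counts how many attributes a single-quoted `<body>` attribute ends up carrying after each escaper processes a constructed probe string. The template fragment, the probe value and the `data-injected` marker are all constructed for the example.

```python
"""Contrast the pre-0.3.4 escaping behaviour named in CVE-2010-2480 with a
quote-aware escaper, and check the effect in an attribute context."""
import html
import re


def legacy_cgi_escape(s: str, quote: bool = False) -> str:
    """Constructed re-implementation of the legacy cgi.escape() behaviour:
    escapes &, <, > and, only when quote=True, the double quote.
    The single quote is never touched, which is the gap the advisory names."""
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
    if quote:
        s = s.replace('"', "&quot;")
    return s


def hardened_escape(s: str) -> str:
    """html.escape with quote=True encodes both " (&quot;) and ' (&#x27;),
    so a value cannot close either kind of quoted attribute."""
    return html.escape(s, quote=True)


def render_body(untrusted: str, escaper) -> str:
    """Constructed template fragment: untrusted data lands inside a
    single-quoted attribute of the BODY element after passing the escaper."""
    return "<body title='%s'>" % escaper(untrusted)


# Matches name='value' pairs so we can see how many attributes the
# browser-side parser would observe on the rendered tag.
ATTR_RE = re.compile(r"([\w-]+)='([^']*)'")


def attributes_of(markup: str) -> dict:
    """Return the single-quoted attributes present in a rendered tag."""
    return dict(ATTR_RE.findall(markup))


# Constructed probe: a single quote followed by a benign marker attribute.
# If the quote survives escaping, the marker becomes a second attribute.
PROBE = "x' data-injected='1"


def attribute_count(escaper) -> int:
    """Number of attributes the rendered tag carries for the given escaper.
    A safe escaper yields exactly one (title); the legacy one yields two."""
    return len(attributes_of(render_body(PROBE, escaper)))


def leaves_single_quote(escaper) -> bool:
    """Minimal regression check an application can keep in its test suite:
    does the escaper pass a bare single quote through unchanged?"""
    return "'" in escaper("'")
```

The `leaves_single_quote` check is the one to keep around: it catches any escaping helper, not only this one, that covers `<`, `>` and `&` but still lets a single quote through, independent of how the surrounding template happens to quote its attributes. Beyond that, the advisory's own remedy applies: upgrade to a Mako release at or above 0.3.4.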
References
- access.redhat.com/security/cve/CVE-2010-2480
- bugs.python.org/issue9061
- bugzilla.redhat.com/show_bug.cgi?id=609573
- github.com/advisories/GHSA-7q8x-38mc-p84f
- github.com/pypa/advisory-database/tree/main/vulns/mako/PYSEC-2010-1.yaml
- github.com/sqlalchemy/mako
- lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- nvd.nist.gov/vuln/detail/CVE-2010-2480
- www.makotemplates.org/CHANGES