CVE-2020-11888: Cross-site Scripting
(updated )
python-markdown2 allows XSS because element names are mishandled unless a \w+
match succeeds. For example, an attack might use elementname@
or elementname-
with an onclick
attribute.
References
Detect and mitigate CVE-2020-11888 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →