View at Official debian advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2021-42576 not yet assigned priority: Debian including 1 source packages (golang-github-microcosm-cc-bluemonday), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 4, open 1.
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.