sphinx 0.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the sphinx package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Regular Expression Denial of Service (ReDoS) Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in google style docs, due to using an inefficient regex pattern with quantified overlapping adjacency. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `sphinx` to version 3.3.0 or higher.	[,3.3.0)
M Regular Expression Denial of Service (ReDoS) Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the function `load_v2` of `inventory.py`. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `sphinx` to version 3.3.0 or higher.	[,3.3.0)
M Cross-site Scripting (XSS) Sphinx is a Python documentation generator. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html(), .append()`, and others) may execute untrusted code. How to fix Cross-site Scripting (XSS)? Upgrade `Sphinx` to version 3.0.4 or higher.	[,3.0.4)
M Cross-site Scripting (XSS) Sphinx is a Python documentation generator. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) Passing HTML containing `<option>` elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. NOTE: This vulnerability was also assigned CVE-2020-23064. How to fix Cross-site Scripting (XSS)? Upgrade `Sphinx` to version 3.0.4 or higher.	[,3.0.4)

Vulnerability

Vulnerable Version

Regular Expression Denial of Service (ReDoS)

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in google style docs, due to using an inefficient regex pattern with quantified overlapping adjacency.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade sphinx to version 3.3.0 or higher.

[,3.3.0)

Regular Expression Denial of Service (ReDoS)

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the function load_v2 of inventory.py.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade sphinx to version 3.3.0 or higher.

[,3.3.0)

Cross-site Scripting (XSS)

Sphinx is a Python documentation generator.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

How to fix Cross-site Scripting (XSS)?

Upgrade Sphinx to version 3.0.4 or higher.

[,3.0.4)

Cross-site Scripting (XSS)

Sphinx is a Python documentation generator.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) Passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

NOTE: This vulnerability was also assigned CVE-2020-23064.

How to fix Cross-site Scripting (XSS)?

Upgrade Sphinx to version 3.0.4 or higher.

[,3.0.4)

sphinx@0.2 vulnerabilities

Python documentation generator

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically