sphinx@2.4.5 vulnerabilities

Python documentation generator

  • latest version

    8.1.3

  • latest non vulnerable version

  • first published

    16 years ago

  • latest version published

    2 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the sphinx package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Regular Expression Denial of Service (ReDoS)

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in google style docs, due to using an inefficient regex pattern with quantified overlapping adjacency.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade sphinx to version 3.3.0 or higher.

    [,3.3.0)
    • M
    Regular Expression Denial of Service (ReDoS)

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the function load_v2 of inventory.py.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade sphinx to version 3.3.0 or higher.

    [,3.3.0)
    • M
    Cross-site Scripting (XSS)

    Sphinx is a Python documentation generator.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

    How to fix Cross-site Scripting (XSS)?

    Upgrade Sphinx to version 3.0.4 or higher.

    [,3.0.4)
    • M
    Cross-site Scripting (XSS)

    Sphinx is a Python documentation generator.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) Passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

    NOTE: This vulnerability was also assigned CVE-2020-23064.

    How to fix Cross-site Scripting (XSS)?

    Upgrade Sphinx to version 3.0.4 or higher.

    [,3.0.4)