CVEs-PoC/2020/CVE-2020-6817.md

### [CVE-2020-6817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6817)
![](https://img.shields.io/static/v1?label=Product&message=Mozilla%20Bleach&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%203.1.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=regular%20expression%20denial-of-service%20(ReDoS)%20in%20BleachSanitizerFilter.sanitize_css%20gauntlet%20regular%20expression%20&color=brighgreen)

### Description

bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

### POC

#### Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=1623633

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/RonenDabach/-python-tda-bug-hunt-new
- https://github.com/engn33r/awesome-redos-security