CVE-2021-23418
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Summary
The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Glances | unspecified < 3.2.1 | affected |
Weaknesses
- XML External Entity (XXE) Injection
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/vuln/SNYK-PYTHON-GLANCES-1311807
- https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94
- https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a
- https://github.com/nicolargo/glances/issues/1025
- https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32
References
- https://snyk.io/vuln/SNYK-PYTHON-GLANCES-1311807
- https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94
- https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a
- https://github.com/nicolargo/glances/issues/1025
- https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.