CVE-2021-23418
MEDIUM6.3EPSS 0.38%XML External Entity Reference in Glances
Published: 8/9/2021Modified: 4/28/2026
Description
The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
Affected packages (3)
- Debian/glancesfrom 0, < 3.2.3.1+dfsg-1
- PyPI/glancesfrom 0, < 3.2.1
- PyPI/glancesfrom 0, < 85d5a6b4af31fcf785d5a61086cbbd166b40b07a, < 9d6051be4a42f692392049fdbfc85d5dfa458b32, < 4b87e979afdc06d98ed1b48da31e69eaa3a9fb94 | from 0, < 3.2.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM6.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |
References (10)
- ADVISORYhttps://github.com/advisories/GHSA-r2mj-8wgq-73m6
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-23418
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-23418
- PATCHhttps://github.com/nicolargo/glances
- WEBhttps://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94
- WEBhttps://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a
- WEBhttps://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32
- WEBhttps://github.com/nicolargo/glances/issues/1025
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/glances/PYSEC-2021-115.yaml
- WEBhttps://snyk.io/vuln/SNYK-PYTHON-GLANCES-1311807