CVE-2021-23418
MEDIUM 6.3 | EPSS 0.38% | XML External Entity Reference in Glances
Published: 2021/8/9 | Modified: 2026/4/28
Description
The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
Affected packages (3)
- Debian/glances: from 0, < 3.2.3.1+dfsg-1
- PyPI/glances: from 0, < 3.2.1
- PyPI/glances: from 0, < 85d5a6b4af31fcf785d5a61086cbbd166b40b07a, < 9d6051be4a42f692392049fdbfc85d5dfa458b32, < 4b87e979afdc06d98ed1b48da31e69eaa3a9fb94 | from 0, < 3.2.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 6.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |
References (10)
- ADVISORY: https://github.com/advisories/GHSA-r2mj-8wgq-73m6
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2021-23418
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2021-23418
- PATCH: https://github.com/nicolargo/glances
- WEB: https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94
- WEB: https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a
- WEB: https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32
- WEB: https://github.com/nicolargo/glances/issues/1025
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/glances/PYSEC-2021-115.yaml
- WEB: https://snyk.io/vuln/SNYK-PYTHON-GLANCES-1311807