Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIybWotOHdncS03M202
XML External Entity Reference in Glances
Versions of the glances package before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
Permalink: https://github.com/advisories/GHSA-r2mj-8wgq-73m6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIybWotOHdncS03M202
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 6.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Identifiers: GHSA-r2mj-8wgq-73m6, CVE-2021-23418
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-23418
- https://github.com/nicolargo/glances/issues/1025
- https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94
- https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a
- https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32
- https://snyk.io/vuln/SNYK-PYTHON-GLANCES-1311807
- https://github.com/advisories/GHSA-r2mj-8wgq-73m6
Blast Radius: 9.2
Affected Packages
pypi:Glances
Dependent packages: 0
Dependent repositories: 29
Downloads: 260,198 last month
Affected Version Ranges: < 3.2.1
Fixed in: 3.2.1
All affected versions: 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.4.1, 1.4.2, 1.5.1, 1.5.2, 1.6.1, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 2.0.1, 2.1.1, 2.1.2, 2.2.1, 2.4.1, 2.4.2, 2.5.1, 2.6.1, 2.6.2, 2.7.1, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.9.0, 2.9.1, 2.11.1, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.2.0
All unaffected versions: 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.7, 3.3.0, 3.3.1, 3.4.0