← Zuruck zu CVEs
CVE-2021-23418
MEDIUM6.3
Beschreibung
The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
CVE Details
CVSS v3.1 Bewertung6.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht7/29/2021
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
glances_project:glances
Schwachen (CWE)
CWE-611
Referenzen
https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94(report@snyk.io)
https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a(report@snyk.io)
https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32(report@snyk.io)
https://github.com/nicolargo/glances/issues/1025(report@snyk.io)
https://snyk.io/vuln/SNYK-PYTHON-GLANCES-1311807(report@snyk.io)
https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nicolargo/glances/issues/1025(af854a3a-2127-422b-91ae-364da2661108)
https://snyk.io/vuln/SNYK-PYTHON-GLANCES-1311807(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.