Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    Related vulnerabilities

    PYSEC-2021-115

    Vulnerability from pysec - Published: 2021-07-29 18:15 - Updated: 2021-07-29 20:29
    VLAI
    Details

    The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.

    Impacted products
    Name purl
    glances pkg:pypi/glances
    Aliases
    To clipboard 

    {
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "glances",
        "purl": "pkg:pypi/glances"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "85d5a6b4af31fcf785d5a61086cbbd166b40b07a"
            },
            {
              "fixed": "9d6051be4a42f692392049fdbfc85d5dfa458b32"
            },
            {
              "fixed": "4b87e979afdc06d98ed1b48da31e69eaa3a9fb94"
            }
          ],
          "repo": "https://github.com/nicolargo/glances",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.3.1",
        "1.3.2",
        "1.3.3",
        "1.3.4",
        "1.3.5",
        "1.3.6",
        "1.3.7",
        "1.4",
        "1.4.1",
        "1.4.1.1",
        "1.4.2",
        "1.4.2.1",
        "1.5",
        "1.5.1",
        "1.5.2",
        "1.6",
        "1.6.1",
        "1.7",
        "1.7.1",
        "1.7.2",
        "1.7.3",
        "1.7.4",
        "1.7.5",
        "1.7.6",
        "1.7.7",
        "2.0",
        "2.0.1",
        "2.1",
        "2.1.1",
        "2.1.2",
        "2.10",
        "2.11",
        "2.11.1",
        "2.2",
        "2.2.1",
        "2.3",
        "2.4",
        "2.4.1",
        "2.4.2",
        "2.5",
        "2.5.1",
        "2.6",
        "2.6.1",
        "2.6.2",
        "2.7",
        "2.7.1",
        "2.8",
        "2.8.1",
        "2.8.2",
        "2.8.3",
        "2.8.4",
        "2.8.5",
        "2.8.6",
        "2.8.7",
        "2.8.8",
        "2.9.0",
        "2.9.1",
        "3.0",
        "3.0.1",
        "3.0.2",
        "3.1.0",
        "3.1.1",
        "3.1.2",
        "3.1.3",
        "3.1.4",
        "3.1.4.1",
        "3.1.5",
        "3.1.6",
        "3.1.6.1",
        "3.1.6.2",
        "3.1.7",
        "3.2.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23418",
    "SNYK-PYTHON-GLANCES-1311807",
    "GHSA-r2mj-8wgq-73m6"
  ],
  "details": "The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.\n",
  "id": "PYSEC-2021-115",
  "modified": "2021-07-29T20:29:05.800424Z",
  "published": "2021-07-29T18:15:00Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/nicolargo/glances/issues/1025"
    },
    {
      "type": "ADVISORY",
      "url": "https://snyk.io/vuln/SNYK-PYTHON-GLANCES-1311807"
    },
    {
      "type": "FIX",
      "url": "https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32"
    },
    {
      "type": "FIX",
      "url": "https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-r2mj-8wgq-73m6"
    }
  ]
}