Vulnerability-Lookup - Search a vulnerability

Related vulnerabilities

pysec-2021-115

Vulnerability from pysec

Published

2021-07-29 18:15

Modified

2021-07-29 20:29

Details

The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.

Impacted products

Name	purl
glances	pkg:pypi/glances

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "glances",
        "purl": "pkg:pypi/glances"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "85d5a6b4af31fcf785d5a61086cbbd166b40b07a"
            },
            {
              "fixed": "9d6051be4a42f692392049fdbfc85d5dfa458b32"
            },
            {
              "fixed": "4b87e979afdc06d98ed1b48da31e69eaa3a9fb94"
            }
          ],
          "repo": "https://github.com/nicolargo/glances",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.3.1",
        "1.3.2",
        "1.3.3",
        "1.3.4",
        "1.3.5",
        "1.3.6",
        "1.3.7",
        "1.4",
        "1.4.1",
        "1.4.1.1",
        "1.4.2",
        "1.4.2.1",
        "1.5",
        "1.5.1",
        "1.5.2",
        "1.6",
        "1.6.1",
        "1.7",
        "1.7.1",
        "1.7.2",
        "1.7.3",
        "1.7.4",
        "1.7.5",
        "1.7.6",
        "1.7.7",
        "2.0",
        "2.0.1",
        "2.1",
        "2.1.1",
        "2.1.2",
        "2.10",
        "2.11",
        "2.11.1",
        "2.2",
        "2.2.1",
        "2.3",
        "2.4",
        "2.4.1",
        "2.4.2",
        "2.5",
        "2.5.1",
        "2.6",
        "2.6.1",
        "2.6.2",
        "2.7",
        "2.7.1",
        "2.8",
        "2.8.1",
        "2.8.2",
        "2.8.3",
        "2.8.4",
        "2.8.5",
        "2.8.6",
        "2.8.7",
        "2.8.8",
        "2.9.0",
        "2.9.1",
        "3.0",
        "3.0.1",
        "3.0.2",
        "3.1.0",
        "3.1.1",
        "3.1.2",
        "3.1.3",
        "3.1.4",
        "3.1.4.1",
        "3.1.5",
        "3.1.6",
        "3.1.6.1",
        "3.1.6.2",
        "3.1.7",
        "3.2.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23418",
    "SNYK-PYTHON-GLANCES-1311807",
    "GHSA-r2mj-8wgq-73m6"
  ],
  "details": "The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.\n",
  "id": "PYSEC-2021-115",
  "modified": "2021-07-29T20:29:05.800424Z",
  "published": "2021-07-29T18:15:00Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/nicolargo/glances/issues/1025"
    },
    {
      "type": "ADVISORY",
      "url": "https://snyk.io/vuln/SNYK-PYTHON-GLANCES-1311807"
    },
    {
      "type": "FIX",
      "url": "https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32"
    },
    {
      "type": "FIX",
      "url": "https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-r2mj-8wgq-73m6"
    }
  ]
}