GitHub Advisory DatabaseGHSA-R2MJ-8WGQ-73M6XML External Entity Reference in Glances
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
88.7%
The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| glances_project | glances | * | cpe:2.3:a:glances_project:glances:*:*:*:*:*:*:*:* |
References
github.com/advisories/GHSA-r2mj-8wgq-73m6
github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94
github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a
github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32
github.com/nicolargo/glances/issues/1025
github.com/pypa/advisory-database/tree/main/vulns/glances/PYSEC-2021-115.yaml
nvd.nist.gov/vuln/detail/CVE-2021-23418
snyk.io/vuln/SNYK-PYTHON-GLANCES-1311807
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
88.7%