Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2023-1709.NASL
HistoryMar 22, 2023 - 12:00 a.m.

Amazon Linux AMI : python-lxml (ALAS-2023-1709)

2023-03-2200:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1709 advisory.

  • A XSS vulnerability was discovered in python-lxml’s clean module. The module’s parser didn’t properly imitate browsers, which caused different behaviors between the sanitizer and the user’s page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. (CVE-2020-27783)

  • lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. (CVE-2021-43818)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2023-1709.
##

include('compat.inc');

if (description)
{
  script_id(173281);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/20");

  script_cve_id("CVE-2020-27783", "CVE-2021-43818");

  script_name(english:"Amazon Linux AMI : python-lxml (ALAS-2023-1709)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1709 advisory.

  - A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly
    imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote
    attacker could exploit this flaw to run arbitrary HTML/JS code. (CVE-2020-27783)

  - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML
    Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG
    files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should
    upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. (CVE-2021-43818)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2023-1709.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-27783.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-43818.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update python-lxml' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-43818");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/03/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-lxml-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26-lxml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26-lxml-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python27-lxml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python27-lxml-docs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'python-lxml-debuginfo-3.2.1-4.10.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python-lxml-debuginfo-3.2.1-4.10.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python26-lxml-3.2.1-4.10.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python26-lxml-3.2.1-4.10.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python26-lxml-docs-3.2.1-4.10.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python27-lxml-3.2.1-4.10.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python27-lxml-3.2.1-4.10.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python27-lxml-docs-3.2.1-4.10.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-lxml-debuginfo / python26-lxml / python26-lxml-docs / etc");
}
VendorProductVersionCPE
amazonlinuxpython-lxml-debuginfop-cpe:/a:amazon:linux:python-lxml-debuginfo
amazonlinuxpython26-lxmlp-cpe:/a:amazon:linux:python26-lxml
amazonlinuxpython26-lxml-docsp-cpe:/a:amazon:linux:python26-lxml-docs
amazonlinuxpython27-lxmlp-cpe:/a:amazon:linux:python27-lxml
amazonlinuxpython27-lxml-docsp-cpe:/a:amazon:linux:python27-lxml-docs
amazonlinuxcpe:/o:amazon:linux

Related

amazon 3
openvas 44
suse 2
nessus 70
osv 21
prion 2
fedora 6
cbl_mariner 4
ubuntu 3
debian 5
debiancve 2
github 2
redhat 5
rocky 4
redhatcve 2
archlinux 1
oraclelinux 5
veracode 2
ubuntucve 2
alpinelinux 2
mageia 2
cve 2
redos 1
almalinux 3
ibm 1
photon 2
gentoo 1
amazon
amazon
Important: python-lxml
2023-03-17 15:53:00
Medium: python-lxml
2021-06-16 20:37:00
Important: python-lxml
2023-02-17 00:12:00
openvas
openvas
openSUSE: Security Advisory for python-lxml (openSUSE-SU-2022:0803-1)
2022-03-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0895-1)
2022-03-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0803-1)
2022-03-11 00:00:00
suse
suse
Security update for python-lxml (important)
2022-03-10 00:00:00
Security update for python-lxml (moderate)
2022-11-01 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : python-lxml (SUSE-SU-2022:0803-1)
2022-03-11 00:00:00
SUSE SLES12 Security Update : python3-lxml (SUSE-SU-2022:3460-1)
2022-09-30 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : lxml vulnerability (USN-4666-1)
2020-12-09 00:00:00
osv
osv
Moderate: python-lxml security update
2021-05-18 06:21:26
lxml - security update
2020-12-13 00:00:00
lxml vulnerable to Cross-site Scripting
2021-01-07 21:54:01
prion
prion
Cross site scripting
2020-12-03 17:15:00
Hardcoded credentials
2021-12-13 18:15:00
fedora
fedora
[SECURITY] Fedora 32 Update: python-lxml-4.4.1-5.fc32
2021-01-14 01:43:47
[SECURITY] Fedora 33 Update: python-lxml-4.5.1-3.fc33
2021-01-14 01:39:59
[SECURITY] Fedora 34 Update: mingw-python-lxml-4.6.5-1.fc34
2021-12-26 01:11:57
cbl_mariner
cbl_mariner
CVE-2020-27783 affecting package python-lxml 4.2.4-7
2021-08-11 06:39:25
CVE-2020-27783 affecting package python-lxml for versions less than 4.8.0-1
2022-04-26 19:57:36
CVE-2021-43818 affecting package python-lxml for versions less than 4.8.0-1
2022-04-26 19:57:36
ubuntu
ubuntu
lxml vulnerability
2020-12-09 00:00:00
lxml vulnerability
2020-12-11 00:00:00
lxml vulnerability
2022-01-12 00:00:00
debian
debian
[SECURITY] [DLA 2467-2] lxml regression update
2020-12-18 13:15:11
[SECURITY] [DSA 4810-1] lxml security update
2020-12-13 18:19:38
[SECURITY] [DLA 2871-1] lxml security update
2021-12-30 17:05:59
debiancve
debiancve
CVE-2020-27783
2020-12-03 17:15:00
CVE-2021-43818
2021-12-13 18:15:00
github
github
lxml vulnerable to Cross-site Scripting
2021-01-07 21:54:01
lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through
2021-12-13 18:14:36
redhat
redhat
(RHSA-2021:1898) Moderate: python-lxml security update
2021-05-18 06:21:26
(RHSA-2022:1932) Moderate: python-lxml security update
2022-05-10 08:08:19
(RHSA-2022:1664) Moderate: Red Hat Software Collections security update
2022-05-02 07:48:56
rocky
rocky
python-lxml security update
2021-05-18 06:21:26
python-lxml security update
2022-05-10 08:08:19
python39:3.9 and python39-devel:3.9 security update
2022-05-10 08:00:02
redhatcve
redhatcve
CVE-2020-27783
2020-11-25 17:22:50
CVE-2021-43818
2021-12-14 18:18:50
archlinux
archlinux
[ASA-202012-1] python-lxml: cross-site scripting
2020-12-05 00:00:00
oraclelinux
oraclelinux
python-lxml security update
2021-05-25 00:00:00
python-lxml security update
2022-05-17 00:00:00
python39:3.9 and python39-devel:3.9 security update
2022-05-17 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2020-11-30 02:54:37
Cross-site Scripting (XSS)
2021-12-14 02:31:11
ubuntucve
ubuntucve
CVE-2020-27783
2020-12-03 00:00:00
CVE-2021-43818
2021-12-13 00:00:00
alpinelinux
alpinelinux
CVE-2020-27783
2020-12-03 17:15:00
CVE-2021-43818
2021-12-13 18:15:00
mageia
mageia
Updated python-lxml packages fix a security vulnerability
2021-01-17 19:07:01
Updated python-lxml packages fix security vulnerability
2021-12-30 19:41:51
cve
cve
CVE-2020-27783
2020-12-03 17:15:00
CVE-2021-43818
2021-12-13 18:15:00
redos
redos
ROS-20220125-14
2022-01-25 00:00:00
almalinux
almalinux
Moderate: python-lxml security update
2022-05-10 08:08:19
Moderate: python39:3.9 and python39-devel:3.9 security update
2022-05-10 08:00:02
Moderate: python38:3.8 security update
2021-05-18 06:18:31
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in lxml (CVE-2021-43818)
2023-01-12 21:59:00
photon
photon
Moderate Photon OS Security Update - PHSA-2021-0072
2021-07-28 00:00:00
Moderate Photon OS Security Update - PHSA-2021-4.0-0072
2021-07-29 00:00:00
gentoo
gentoo
lxml: Multiple Vulnerabilities
2022-08-10 00:00:00
JSON
Related for ALA_ALAS-2023-1709.NASL
amazon3openvas44suse2nessus70osv21prion2fedora6cbl_mariner4ubuntu3debian5debiancve2github2redhat5rocky4redhatcve2archlinux1oraclelinux5veracode2ubuntucve2alpinelinux2mageia2cve2redos1almalinux3ibm1photon2gentoo1