CVE-2021-23418
PUBLISHED
The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
Risk Scores
- EPSS Score: 0.38% (59.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | glances | 2.3-1build1, 0 |
| Ubuntu:Pro:18.04:LTS | glances | 2.11.1-2, 0, 2.11.1-3 |
| Ubuntu:Pro:20.04:LTS | glances | 0, 3.1.0-1, 3.1.1-1 |
Exploit Intelligence
- https://github.com/nicolargo/glances/issues/1025 (nist-nvd)
- https://snyk.io/vuln/SNYK-PYTHON-GLANCES-1311807 (circl)
- https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94 (circl)
- https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a (circl)
- https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32 (circl)
Timeline
- Jul 29, 2021 CVE Published
- Jul 30, 2021 EPSS Score
- Sep 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 23, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 23, 2022 EPSS Score
- May 22, 2022 EPSS Score
- Jul 21, 2022 EPSS Score
- Sep 18, 2022 EPSS Score
- Nov 16, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-23418 third-party-advisory
- https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a third-party-advisory
- https://github.com/nicolargo/glances/issues/1025 third-party-advisory
- https://snyk.io/vuln/SNYK-PYTHON-GLANCES-1311807 third-party-advisory
- https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32 third-party-advisory
- https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94 third-party-advisory
- https://ubuntu.com/security/notices/USN-5187-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-23418 third-party-advisory