Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

Related vulnerabilities

PYSEC-2021-115

Vulnerability from pysec - Published: 2021-07-29 18:15 - Updated: 2021-07-29 20:29
VLAI?
Details

The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.

Impacted products
Name purl
glances pkg:pypi/glances
Aliases
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "glances",
        "purl": "pkg:pypi/glances"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "85d5a6b4af31fcf785d5a61086cbbd166b40b07a"
            },
            {
              "fixed": "9d6051be4a42f692392049fdbfc85d5dfa458b32"
            },
            {
              "fixed": "4b87e979afdc06d98ed1b48da31e69eaa3a9fb94"
            }
          ],
          "repo": "https://github.com/nicolargo/glances",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.3.1",
        "1.3.2",
        "1.3.3",
        "1.3.4",
        "1.3.5",
        "1.3.6",
        "1.3.7",
        "1.4",
        "1.4.1",
        "1.4.1.1",
        "1.4.2",
        "1.4.2.1",
        "1.5",
        "1.5.1",
        "1.5.2",
        "1.6",
        "1.6.1",
        "1.7",
        "1.7.1",
        "1.7.2",
        "1.7.3",
        "1.7.4",
        "1.7.5",
        "1.7.6",
        "1.7.7",
        "2.0",
        "2.0.1",
        "2.1",
        "2.1.1",
        "2.1.2",
        "2.10",
        "2.11",
        "2.11.1",
        "2.2",
        "2.2.1",
        "2.3",
        "2.4",
        "2.4.1",
        "2.4.2",
        "2.5",
        "2.5.1",
        "2.6",
        "2.6.1",
        "2.6.2",
        "2.7",
        "2.7.1",
        "2.8",
        "2.8.1",
        "2.8.2",
        "2.8.3",
        "2.8.4",
        "2.8.5",
        "2.8.6",
        "2.8.7",
        "2.8.8",
        "2.9.0",
        "2.9.1",
        "3.0",
        "3.0.1",
        "3.0.2",
        "3.1.0",
        "3.1.1",
        "3.1.2",
        "3.1.3",
        "3.1.4",
        "3.1.4.1",
        "3.1.5",
        "3.1.6",
        "3.1.6.1",
        "3.1.6.2",
        "3.1.7",
        "3.2.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23418",
    "SNYK-PYTHON-GLANCES-1311807",
    "GHSA-r2mj-8wgq-73m6"
  ],
  "details": "The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.\n",
  "id": "PYSEC-2021-115",
  "modified": "2021-07-29T20:29:05.800424Z",
  "published": "2021-07-29T18:15:00Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/nicolargo/glances/issues/1025"
    },
    {
      "type": "ADVISORY",
      "url": "https://snyk.io/vuln/SNYK-PYTHON-GLANCES-1311807"
    },
    {
      "type": "FIX",
      "url": "https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32"
    },
    {
      "type": "FIX",
      "url": "https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-r2mj-8wgq-73m6"
    }
  ]
}