← voltar
CVE-2021-23418

XML External Entity (XXE) Injection

CVSS 6.3 MEDIUMEPSS 1.6%
The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Produtos afetados
n/a · Glances

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07ahttps://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32https://github.com/nicolargo/glances/issues/1025https://snyk.io/vuln/SNYK-PYTHON-GLANCES-1311807