CVE-2021-23418: XML External Entity Reference in Glances
(updated )
The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
References
- github.com/advisories/GHSA-r2mj-8wgq-73m6
- github.com/nicolargo/glances
- github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94
- github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a
- github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32
- github.com/nicolargo/glances/issues/1025
- github.com/pypa/advisory-database/tree/main/vulns/glances/PYSEC-2021-115.yaml
- nvd.nist.gov/vuln/detail/CVE-2021-23418
- snyk.io/vuln/SNYK-PYTHON-GLANCES-1311807
Code Behaviors & Features
Detect and mitigate CVE-2021-23418 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →