CVE-2021-23418

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-23418
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23418.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-23418
Aliases
Downstream
Related
  • SNYK-PYTHON-GLANCES-1311807
Published
2021-07-29T18:15:07.727Z
Modified
2026-04-10T04:30:27.470612Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.

References

Affected packages

Git / github.com/nicolargo/glances

Affected ranges

Type
GIT
Repo
https://github.com/nicolargo/glances
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d1c39b1bd0c969b2566e00e0b25adef50fb2440a
Fixed
4b87e979afdc06d98ed1b48da31e69eaa3a9fb94
Fixed
85d5a6b4af31fcf785d5a61086cbbd166b40b07a
Fixed
9d6051be4a42f692392049fdbfc85d5dfa458b32
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.2.1"
        }
    ]
}

Affected versions

v1.*
v1.0
v1.1.2
v1.1.3
v1.2
v1.3
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.4
v1.4.1
v1.4.1.1
v1.4.2
v1.4.2.1
v1.5
v1.5.1
v1.5.2
v1.6
v1.6.1
v1.7
v1.7.1
v1.7.2
v1.7.3
v2.*
v2.10
v2.11
v2.2
v2.3
v2.4.1
v2.4.2
v2.5
v2.5.1
v2.7
v2.7.1
v2.7_RC1
v2.8
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.9.0
v2.9.1
v3.*
v3.0
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6.1
v3.1.7
v3.2.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23418.json"