CVE-2021-23418
XML External Entity Reference in Glances
6.3
MEDIUM
CVSS 3.1
EPSS 0.38%
Description
The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection: it uses Fault to parse untrusted XML data, a parser path known to be vulnerable to XML attacks such as external entity references and entity expansion.
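As an added defensive example, not code from this advisory or from Glances, the screen below rejects any XML-RPC payload carrying a DOCTYPE or entity declaration before it reaches the unmarshaller. It assumes the payload is a standard XML-RPC message handled with the stdlib xmlrpc.client; the function and exception names are hypothetical, and the sample messages are constructed.

```python
import xml.parsers.expat
import xmlrpc.client


class UnsafeXmlError(ValueError):
    """Raised when a payload carries the constructs XXE attacks depend on."""


def reject_doctype(data: bytes) -> None:
    """Walk the document with expat and abort on any DOCTYPE or entity declaration.

    XML-RPC messages never legitimately need a DTD, so refusing one outright
    blocks external-entity references and entity-expansion tricks alike.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXmlError(f"DOCTYPE declaration not allowed (root {name!r})")

    def on_entity(*_):
        raise UnsafeXmlError("entity declaration not allowed")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(data, True)  # an exception raised in a handler propagates out


def is_safe_xmlrpc(data: bytes) -> bool:
    """True when the payload passes the DOCTYPE/entity screen."""
    try:
        reject_doctype(data)
    except UnsafeXmlError:
        return False
    return True


def safe_loads(data: bytes):
    """Screen first, then parse with the stdlib XML-RPC unmarshaller."""
    reject_doctype(data)
    return xmlrpc.client.loads(data)


# Constructed samples: a benign methodResponse, and one carrying a DTD with an
# internal entity (the shape XXE payloads take; no external reference is used).
BENIGN = (b"<?xml version='1.0'?><methodResponse><params><param>"
          b"<value><string>ok</string></value></param></params></methodResponse>")
WITH_DTD = (b"<?xml version='1.0'?><!DOCTYPE methodResponse [<!ENTITY e 'x'>]>"
            b"<methodResponse><params><param><value><string>&e;</string>"
            b"</value></param></params></methodResponse>")

if __name__ == "__main__":
    print(safe_loads(BENIGN))        # (('ok',), None)
    print(is_safe_xmlrpc(WITH_DTD))  # False
```

A malformed document still raises xml.parsers.expat.ExpatError from the screen, so callers should treat any exception from safe_loads as a rejected request.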
How to fix CVE-2021-23418
To remediate CVE-2021-23418, upgrade the affected package to a fixed version below.
- Debian/glances—upgrade to 3.2.3.1+dfsg-1 or later
- —upgrade to 3.2.1 or later
- —upgrade to 85d5a6b4af31fcf785d5a61086cbbd166b40b07a or later
Is CVE-2021-23418 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 3.2.3.1+dfsg-1
- from 0, < 3.2.1
- from 0, < 85d5a6b4af31fcf785d5a61086cbbd166b40b07a, < 9d6051be4a42f692392049fdbfc85d5dfa458b32, < 4b87e979afdc06d98ed1b48da31e69eaa3a9fb94 | from 0, < 3.2.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 6.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |