Description
The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
References (5)
Core References
Patch, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-PYTHON-GLANCES-1311807
Patch, Third Party Advisory x_refsource_misc
https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94
Patch, Third Party Advisory x_refsource_misc
https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/nicolargo/glances/issues/1025
Patch, Third Party Advisory x_refsource_misc
https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32
Scores
CVSS v3: 6.3
EPSS: 0.0038
EPSS Percentile: 59.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Details
CWE: CWE-611
Status: published
Products (2)
glances_project/glances: < 3.2.1
pypi/Glances: 0 - 3.2.1 (PyPI)
Published: Jul 29, 2021
Tracked Since: Feb 18, 2026