—
PYSEC-2021-115
Details
The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / glances
Introduced in:
0 Fixed in: 85d5a6b4af31fcf785d5a61086cbbd166b40b07a Fix
pip install --upgrade 'glances>=85d5a6b4af31fcf785d5a61086cbbd166b40b07a' References
- https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a [FIX]
- https://github.com/nicolargo/glances/issues/1025 [REPORT]
- https://snyk.io/vuln/SNYK-PYTHON-GLANCES-1311807 [ADVISORY]
- https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32 [FIX]
- https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94 [FIX]
- https://github.com/advisories/GHSA-r2mj-8wgq-73m6 [ADVISORY]