CVE-2021-23418 MEDIUM

CVE-2021-23418: XML External Entity (XXE) Injection

Vendor N/A
Product Glances
Published July 29, 2021
Last update September 16, 2024

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.

Key dates

02Disclosure timeline

July 29, 2021 CVE published
September 16, 2024 Record updated