XML External Entity (XXE) Injection Vulnerability in glances before 3.2.1

XML External Entity (XXE) Injection Vulnerability in glances before 3.2.1

CVE-2021-23418 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.

Learn more about our External Network Penetration Testing.