CVE-2021-43818

Published: Dic 13, 2021 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2021-0117 Aliases: GHSA-55x5-fj6c-h6m8, PYSEC-2021-852

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,2

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: changed

Confidentiality: low

Integrity: high

Availability: none

MEDIUM 6,8

Source: [email protected]

Access Vector: network

Access Complexity: medium

Authentication: none

Confidentiality: partial

Integrity: partial

Availability: partial

Description

AI Translation Available

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0280

Percentile

0,9th

Updated

EPSS Score Trend (Last 90 Days)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Incomplete

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Access Control Other Integrity Non-Repudiation

Potential Impacts:

Read Application Data Bypass Protection Mechanism Alter Execution Logic Other Hide Activities

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Integrity Availability

Potential Impacts:

Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

Likelihood of Exploit: High

View CWE Details

Operating System

Debian Linux by Debian

Product Information

Vendor Debian

Product Debian Linux

Version 10.0

CPE Identifier

CVE-2021-43818

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Common Consequences

Applicable Platforms

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Common Consequences

Applicable Platforms

Debian Linux by Debian

Product Information

Hci Storage Node Firmware by Netapp

Product Information

Solidfire Enterprise Sds by Netapp

Product Information

Communications Cloud Native Core Binding Support Function by Oracle

Product Information

Communications Cloud Native Core Policy by Oracle

Product Information

Fedora by Fedoraproject

Product Information

Communications Cloud Native Core Network Exposure Function by Oracle

Product Information

Solidfire by Netapp

Product Information

Fedora by Fedoraproject

Product Information

Http Server by Oracle

Product Information

Zfs Storage Appliance Kit by Oracle

Product Information

Lxml by Lxml

Product Information

Debian Linux by Debian

Product Information

Http Server by Oracle

Product Information

Debian Linux by Debian

Product Information

Iscriviti alla newsletter